
HostAdvice Best Customer Service Award 2017

August, 2017 – We are happy to announce the new award received from HostAdvice: 

HostAdvice Best Customer Service Award – 2017


HostAdvice anonymously tested our services and based on their customer service experience, they awarded us this great award. This confirms once again the quality of support we offer to our clients.

See the new award on our dedicated awards page at https://www.plothost.com/awards/

Interested in our web hosting services? Check our shared hosting plans and reseller hosting plans.


Scan your server for PHP malware with findcrack0r.pl

The tool we present here is a regex-based PHP malware scanner (written in Perl). It scans your server for malicious PHP files. Used alongside cxs and maldet (links at the end of this post), it is a useful addition to your server's security tooling.

1. So, first of all, download the latest script version from https://repo.coydogsoftware.net/coydog/rxtools/blob/master/findcrack0r.pl and save it to your server.

2. Now that you have saved the script to your server, run it with:

perl findcrack0r.pl -po /home -t $(date +%Y-%m-%d)

The command we use scans the /home directory (including all subdirectories), checking only *.php files. The script will create a directory with the current date in /home/root/support/ (like /home/root/support/2018-07-18). In this directory, the script will create two files – one listing the suspicious PHP files, the other listing the symlinks it found:

root@www [~/support/2018-07-18]# ls
./  ../  scan-20180718234534.txt  symlinks-20180718234534.txt
root@www [~/support/2018-07-18]#

 

You should adjust the command line per your needs. See below the script’s input options. You might also need to enter the full Perl path.

 

root@www [/]# perl findcrack0r.pl -h
Usage:
  -t    ticket number for output dir
  -a  account list, comma-delimited. Will search only public_html
  -b     Number of bytes per file to scan. Default is 500000
  -p    restrict searches to *.php (faster but may miss stuff)
  -S    Skip checking symlinks
  -d    grep for defacements
  -o    other directories to search, independently of -a docroots. May be needed for addon/subdomains
  -u    user homedir prefix (default /home)
  -D    Debug mode. Output a more detailed log which identifies signature matches.
  -N    Show files which do NOT match on stderr (debug feature only)
  -e       exclude files wth names ending in . Workaround if scan hangs on js
  -r    regex debugging
  -c    use cache
  -q    quiet
  -h    print this help message and quit
root@www [/]#

Please note that the script will report many ionCube-encrypted PHP files. Double-check them (and all other reported files) before taking any action, as they might be legitimate files. Make backups before deleting any files!
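
One way to follow this advice is to back up and label every reported file before touching anything. The script below is an added example, not part of findcrack0r.pl or of the original post; it assumes you have already extracted the reported files into a plain list of absolute paths, one per line, and the function names, the 4 KB read limit and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: back up and label flagged files before any clean-up.

# is_ioncube FILE: true if the first 4 KB contain the ionCube loader stub text.
is_ioncube() {
    head -c 4096 -- "$1" 2>/dev/null | grep -aq 'ionCube Loader'
}

# triage LIST BACKUP_DIR: LIST holds absolute paths, one per line (assumed format).
# Prints "label<TAB>path" and copies each regular file under BACKUP_DIR.
triage() {
    local list="$1" backup="$2" path label
    while IFS= read -r path || [ -n "$path" ]; do
        [ -n "$path" ] || continue
        if [ -L "$path" ]; then
            label=symlink                 # report only, never follow or copy
        elif [ ! -f "$path" ]; then
            label=missing
        else
            if is_ioncube "$path"; then label=ioncube; else label=review; fi
            mkdir -p -- "$backup$(dirname -- "$path")"
            cp -p -- "$path" "$backup$path"   # keeps the original path layout
        fi
        printf '%s\t%s\n' "$label" "$path"
    done < "$list"
}

# demo DIR: build constructed sample files under DIR and triage them.
demo() {
    local d="$1" web="$1/home/demo/public_html"
    mkdir -p -- "$web"
    printf '%s\n' '<?php //0046a' \
        "if(!extension_loaded('ionCube Loader')){die('loader missing');}" > "$web/encoded.php"
    printf '%s\n' '<?php echo "hello";' > "$web/plain.php"
    ln -s "$web/plain.php" "$web/link.php"
    printf '%s\n' "$web/encoded.php" "$web/plain.php" "$web/link.php" \
        "$web/gone.php" > "$d/flagged.txt"
    triage "$d/flagged.txt" "$d/backup"
}

demo "$(mktemp -d)"
```

Files labelled ioncube still need a manual check against the application they belong to; the label only tells you that the loader stub is present.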
 
 
The script file as of July 19, 2018 – just for information –  findcrack0r.txt – download the latest version from the developer site!
 

Other security tools for your server:
https://configserver.com/cp/cxs.html
https://www.rfxn.com/projects/linux-malware-detect/

Related post: Disable dangerous PHP functions on your web hosting server


Where to find forwarders/autoresponders on a cPanel server

Many times while troubleshooting clients’ mail issues you will need to find out the forwarders/autoresponders they have. 

On a cPanel server, this information is kept in a separate file for each domain (and subdomain) in the /etc/valiases/ directory – like /etc/valiases/domain123.com, /etc/valiases/homedomain.net etc.

After logging in as root, look up the domain you are interested in:

root@www [~]# cd /etc/valiases/
root@www [/etc/valiases]# cat phdomain123.com
contact@plothost123.com: "|/home/phdomain123/pipe.php"
autoresponder@phdomain123.com: "|/usr/local/cpanel/bin/autorespond autoresponder@phdomain123.com /home/phdomain123/.autorespond"
postmaster@phdomain123.com: admin@phdomain123.com
*: ":fail: No such person at this address"
root@web [/etc/valiases]#

In our example:
– the first line is a forwarder to a file (a PHP script)
– the second line is an autoresponder for the email autoresponder@phdomain123.com
– the third line is a forwarder to an email address
– the fourth line is the default action for unrouted emails. In this case, the “No such person at this address” message will be sent back.
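
The four entry types above can be told apart mechanically, which helps when reviewing many domains for forwarders that pipe mail to a script or send it outside the hosted domain. The script below is an added example, not a cPanel tool; the function names and labels are made up for illustration, and the sample input is the listing from this post plus one constructed line (billing@).

```shell
#!/usr/bin/env bash
# Added example: classify the entries of one /etc/valiases/<domain> file.

# classify_valiases FILE DOMAIN: prints "kind<TAB>address<TAB>destination".
classify_valiases() {
    awk -v dom="$2" '
    /^[ \t]*(#|$)/ { next }                  # skip blanks and comments
    {
        i = index($0, ": "); if (i == 0) next
        addr = substr($0, 1, i - 1); dest = substr($0, i + 2)
        gsub(/^"|"$/, "", dest)              # drop the surrounding quotes
        if (addr == "*") {
            kind = "default"                 # catch-all for unrouted mail
        } else if (dest ~ /^\|/) {           # mail is piped to a program
            kind = (dest ~ /\/cpanel\/bin\/autorespond /) ? "autoresponder" : "pipe"
        } else {
            kind = "forward-internal"
            n = split(dest, part, /[ ,]+/)
            for (j = 1; j <= n; j++) {
                at = index(part[j], "@")
                if (at && tolower(substr(part[j], at + 1)) != tolower(dom))
                    kind = "forward-external"   # leaves the hosted domain
            }
        }
        printf "%s\t%s\t%s\n", kind, addr, dest
    }' "$1"
}

# sample_valiases: the listing from this post plus one constructed line (billing@).
sample_valiases() {
    cat <<'EOF'
contact@plothost123.com: "|/home/phdomain123/pipe.php"
autoresponder@phdomain123.com: "|/usr/local/cpanel/bin/autorespond autoresponder@phdomain123.com /home/phdomain123/.autorespond"
postmaster@phdomain123.com: admin@phdomain123.com
billing@phdomain123.com: someone@example.net
*: ":fail: No such person at this address"
EOF
}

f=$(mktemp); sample_valiases > "$f"
classify_valiases "$f" phdomain123.com
```

On a real server, pass /etc/valiases/phdomain123.com and the domain name instead of the sample file.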

If you don’t like the command line, you can use a plugin for WHM called ConfigServer Mail Manage. After installation, access it from WHM->Plugins->ConfigServer Mail Manage; choose the domain from the list and click the Manage Mail Forwarders button. You will see something like:

[Screenshot: ConfigServer Mail Manage]

You can also check forwarders/autoresponders by accessing the client’s cPanel account.

Related post: How to setup an Email Forwarder in cPanel


100,000 views on our YouTube channel

Today we’ve reached 100,000 views on our YouTube channel 🙂 We are very happy that people like our videos and this motivates us to create new video tutorials.
We now also have 147 subscribers.

In the next months, we plan to add more cPanel and Plesk tutorials.

Check out and subscribe to our YouTube channel at https://www.youtube.com/user/PlotHostSupport/

See you at 1,000,000 views  😀

Thank you.

 

Contact us via:
Email: https://www.plothost.com/contact/
Facebook: https://www.facebook.com/plothost/
Twitter: https://twitter.com/plothost
YouTube Channel:  https://www.youtube.com/


Upgrade CWP Free to the Pro Version

By default, CWP installs the Free version. This has some limitations – mainly, you can’t use some of the features:
– PHP Selector
– Monitor the server via Monit
– Latest OWASP/Comodo ModSecurity rules
– Yum Manager

You will see a message on the dashboard:

Keep CWP alive! You can always and freely donate for the CWP Development, don’t forget that every donation you make will go only for this project. Each donation, including the smallest ones like e.g. $1.00 can mean much for this project and new development. Click here to donate. Remove this message permanently by using CWPpro.


To buy the Pro version, follow the link from the message – the direct link is http://centos-webpanel.com/cwppro. Here you can buy it via an online payment or via SMS. For online payment, the price is $1/month, $3/3 months, $6/6 months or $10/12 months.

The new version will be activated within 24 hours at most: “Within 24 hours your server will be automatically switched to CWPpro.”

You will receive an email message:

Your order for CWPpro has now been activated. Please keep this message for your records.
After receiving the payment your CWP should be updated to CWPpro within next 24 hours.

You can also run it manually and then log in to cwp and check if the cwp is switched to cwppro.

Shell command for cwp update, needs to be run as root: sh /scripts/update_cwp

You are using now the CWPpro version 🙂


Scan your CWP account for viruses

This KB article is for CentOS Web Panel for shared hosting (end-users).

CWP offers the option to scan your account’s files for viruses. The option is available right from the CWP dashboard.


To scan your files for viruses:

  1. Log in to your CWP user account
  2. On the dashboard look for the Antivirus Scan section
  3. Choose the Scan and log only FOUND option and click the Antivirus Scan button
  4. Wait for a few minutes.
  5. Go back to dashboard -> Antivirus Scan section
  6. Choose the Get Last Scan Results option and click the Antivirus Scan button
  7. If there are any viruses you will see a list of the infected files, like:
    /home/demo/public_html/virus test.php: Eicar-Test-Signature FOUND
    


You can read more about the EICAR test file, and download it, at http://www.eicar.org/86-0-Intended-use.html
