• We have a 5 STAR service and only happy clients ! 5 Star Rating
  • sales@plothost.com
Featured post

HostAdvice Best Customer Service Award 2017

August, 2017 – We are happy to announce the new award received from HostAdvice: 

HostAdvice Best Customer Service Award – 2017

hostadvice-best-customer-2017

HostAdvice anonymously tested our services and based on their customer service experience, they awarded us this great award. This confirms once again the quality of support we offer to our clients.

Check the new award in our dedicated page for awards at https://www.plothost.com/awards/

Interested in our web hosting services? Check our shared hosting plans and reseller hosting plans.

Share this post:

Scan your CWP account for viruses

This KB article is for CentOS Web Panel for shared hosting (end-users).

CWP offers the option to scan your account’s files for viruses. The option is available right from the CWP dashboard.

cwp antivirus scan

To scan your files for viruses:

  1. Log in to your CWP user account
  2. On the dashboard look for the Antivirus Scan section
  3. Choose the Scan and log only FOUND option and click the Antivirus Scan button
  4. Wait for a few minutes.
  5. Go back to dashboard -> Antivirus Scan section
  6. Choose the Get Last Scan Results option and click the Antivirus Scan button
  7. If there are any viruses you will see a list of the infected files, like:
    /home/demo/public_html/virus test.php: Eicar-Test-Signature FOUND
    

The video tutorial for this KB article:

 

You can read more/download the EICAR test file on http://www.eicar.org/86-0-Intended-use.html

Share this post:

How to install WordPress on CWP (without Softaculous)

This KB article is for CentOS Web Panel for shared hosting (end-users).

CWP has a feature that allows you to easily install WordPress. You don’t need Softaculous for this. CWP will take care of everything.

cwp wordpress install

To install WordPress from CWP:

  1. Log in to your CWP user account
  2. On the dashboard look for the WordPress icon (Addons section) and click on it
  3. Configure the options:
    – choose the protocol you want to use (https if you want to use SSL), also if you want to access your site with www or not.
    – choose the domain(you can have multiple domain on the same CWP account) on which you want to install WordPress
    – enter the desired directory – leave the field empty if you don’t want to install WP in a directory.
    – enter the database name – CWP will automatically fill this field – you can let is as it is
    – enter database username (this IS NOT the WordPress admin username)
    – database password – enter a strong password.
  4. Click the Install button. Wait for a few seconds and access the site on which you wanted to install WordPress. Now you just have to enter some WP settings (like language, admin username, password and email etc.)
  5. Your WordPress installation is live now 🙂

The video tutorial for this KB article:

 

Related KB article: Install Softaculous in CentOS Web Panel

Share this post:

CWP scripts

Similar to cPanel, CWP provideseasy-to-use scripts in the /scripts directory. The /scripts directory is a shortcut to /usr/local/cwpsrv/htdocs/resources/scripts

[root@cwp1 ~]# ls -l /scripts
lrwxrwxrwx 1 root root 42 Mar 24 07:06 /scripts -> /usr/local/cwpsrv/htdocs/resources/scripts
[root@cwp1 ~]#

At the time of writing this article, the available scripts are (36 scripts):

    1. add_alert – this is for development purposes. Use it to send messages to the admin dashboard. Use it as:

      /scripts/add_alert alert-type "text message" 
      example: /scripts/add_alert alert-info "update PHP to 7.2" 

      # Available options: alert-danger, alert-success, alert-info, alert-warning, alert-dismissable
      # Example: “Hello world, this is my test message!”

    2. check_api – it’s a diagnostic tool for CWP support. The output looks like:

      [root@cwp1 ~]# /scripts/check_api
      User API port 2302 check: OK
      Oauth query check: OK
      User API folder check: OK
      External API port 2304 check: OK
      External API files and htaccess : OK
      CSF Firewall status check: ENABLED
      TCP_IN for port 2304 set in /etc/csf/csf.conf: FAILED
      TCP_OUT for port 2304 set in /etc/csf/csf.conf: FAILED
      [root@cwp1 ~]#
    3. check_postqueue – shows how many emails were deferred. Output:

      [root@cwp1 ~]# /scripts/check_postqueue
      37
      [root@cwp1 ~]#
    4. checkdb – it checks the server for bad tables.

    5. clamd_fix_100_cpu_usagescript will fix clamd 100% cpu usage on the centos 7 servers 

    6. cwp_bruteforce_protection – enables brute-force protection for ports 2030 and 2031

      [root@cwp1 ~]# /scripts/cwp_bruteforce_protection
      
      CWP Scripts
      ################################
      
      
      Redirecting to /bin/systemctl restart  lfd.service
      
      You need to restart Firewall for changes to affect!!
      csf -r
      [root@cwp1 ~]#
      
      
    7. cwp_monitor – monitors CWP critical load

    8. cwp_version – shows the CWP server version as:

      [root@cwp1 ~]# /scripts/cwp_version
      0.9.8.592
      [root@cwp1 ~]#
      
    9. cwpsrv_rebuild_user_conf – recreates CWP configuration files and restarts CWP.

    10. disk_check – it check the disk space used by some directories:
      [root@cwp1 ~]# /scripts/disk_check
      272M    /var/log/
      216K    /usr/local/apache/logs/
      24M     /usr/local/cwpsrv/logs/
      212M    /tmp
      788K    /root
      176M    /var/lib/mysql/
      [root@cwp1 ~]#
      
    11. freshclam – updates ClamAV definitions (not the program itself):
      [root@cwp1 ~]# /scripts/freshclam
      ClamAV update process started at Tue Apr 10 12:57:43 2018
      WARNING: Your ClamAV installation is OUTDATED!
      WARNING: Local version: 0.99.4 Recommended version: 0.100.0
      DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
      main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
      daily.cld is up to date (version: 24467, sigs: 1905395, f-level: 63, builder: neo)
      bytecode.cvd is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)
      [root@cwp1 ~]#
      
    12. generate_hostname_ssl – generates a self-signed certificate for the hostname. We don’t recommend to use this script. Check our article on how to Set up an SSL certificate for hostname on CentOS Web Panel

    13. install_api – installs CWP API configuration

    14. install_imagick – installs Imagick

    15. install_maldet – installs Maldet

    16. install_net2ftp – installs net2ftp (a web-based FTP client)

    17. install_supportKey – installs the CWP SSH Support key

    18. list_domains – lists all the domains on the server:

      [root@cwp1 ~]# /scripts/list_domains
      DOMAIN | USER | PATH
      #################################
      newdomain.com   demo    /home/demo/public_html/newdomain.com
      [root@cwp1 ~]#
      
    19. list_subdomains – lists all subdomains

    20. list_users – lists all users:

      [root@cwp1 ~]# /scripts/list_users
      USERNAME | DOMAIN | IP ADDRESS | EMAIL | PACKAGE ID | BACKUP
      ###############################################################
      cwp1    cwp1.plothost.com       104.237.208.145 my@email.com    1       on
      plothost        plothost1.com   104.237.208.145 admin@plothost.com      1       on
      demo    demo.plothost.com       104.237.208.145 admin@plothost.com      1       on
      [root@cwp1 ~]#
      
      
    21. mail_queue_stats –  shows mail stats:
      [root@cwp1 ~]# /scripts/mail_queue_stats
      maildrop 0
      incoming 0
      hold 0
      active 0
      deferred 36
      [root@cwp1 ~]#
      
    22. mysql_fix_myisam_tables – fix MyISAM tables

    23. mysql_pwd_reset – reset MySQL/MariaDB password for root user

    24. mysql_set_max_connections – set the max_connections option in MySQL configuration

    25. net_show_connections – show server connections

    26. reload_cwpsrv – reloads CWP

    27. restart_cwpsrv – restarts CWP

    28. restart_httpd – restarts the httpd service

    29. security_is_my_server_hacked – check services that are usually hacked

    30. softaculous_fix_update – it installs Softaculous script

    31. update_cwp – updates CWP to the latest version

      [root@cwp1 ~]# /scripts/update_cwp
      
      
      ====================================================
      ============= CentOS Web Panel Cron ================
      ====================================================
      
      
      ###########################
      Firewall Flush Daily Blocks
      ###########################
      
      
      ######################
      Update Server Packages
      ######################
      [root@cwp1 ~]#
      
    32. update_ioncube – ionCube installer/updater

    33. upgrade_mysql – updates MySQL and phpMyAdmin

    34. user_backup – backup users’ files and databases

    35. varnish_clear_cache – clears the varnish cache without restart 

    36. whoowns – displays the owner of a domain:

      [root@cwp1 ~]# /scripts/whoowns demo.plothost.com
      Checking User Accounts:
      demo
      Checking Addon Domains:
      
      Checking SubDomains:
      
      [root@cwp1 ~]#
      
      

      You can also check our article on How to check if a domain is on the server  

Share this post:

Install Softaculous in CentOS Web Panel

Softaculous will allow your web hosting users to easily install many web scripts.

Notice that CWP will install Softaculous Free. To use Softaculous Premium you will need to buy a license. Go to softaculous.com or ask your server provider.

 

cwp softaculous install

 To install Softaculous from CWP:

  1. Connect to your CWP installation as admin
  2. Navigate to Script Installers->Scripts Manager
  3. Click the Install Softaculous button
  4. To configure Softaculous settings go to Script Installers->Softaculous. 
  5. Your users will be able to install scripts via Softaculous from their control panel interface (domainname.com:2083)
If you are a CWP end-user and you don’t see the Softaculous section in your panel, ask your host to install it from the CWP admin panel.

The video tutorial for this KB post:

Share this post:

Secure SSH with Google Authenticator Two-Factor Authentication on CentOS

It’s a good idea to secure the SSH login with a two-factor authentication method. We will show in this article how to secure SSH with Google Authenticator.

Steps:

  1. Install the Google Authenticator from Google Play
    google authenticator 1

     

  2. Install the Google Authenticator module:
    [root@cwp1 ~]# yum install google-authenticator
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: mirror.sesp.northwestern.edu
     * epel: mirror.beyondhosting.net
     * extras: bay.uchicago.edu
     * updates: mirror.math.princeton.edu
    Resolving Dependencies
    --> Running transaction check
    ---> Package google-authenticator.x86_64 0:1.04-1.el7 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ========================================================================================================================
     Package                               Arch                    Version                      Repository             Size
    ========================================================================================================================
    Installing:
     google-authenticator                  x86_64                  1.04-1.el7                   epel                   48 k
    
    Transaction Summary
    ========================================================================================================================
    Install  1 Package
    
    Total download size: 48 k
    Installed size: 97 k
    Is this ok [y/d/N]: y
    Downloading packages:
    google-authenticator-1.04-1.el7.x86_64.rpm                                                       |  48 kB  00:00:00
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : google-authenticator-1.04-1.el7.x86_64                                                               1/1
      Verifying  : google-authenticator-1.04-1.el7.x86_64                                                               1/1
    
    Installed:
      google-authenticator.x86_64 0:1.04-1.el7
    
    Complete!
    [root@cwp1 ~]#
    

     

  3. To configure the google-authenticator module use the google-authenticator command. Read the questions and ask according to your needs:
    [root@cwp1 ~]# google-authenticator
    
    Do you want authentication tokens to be time-based (y/n) y
    Warning: pasting the following URL into your browser exposes the OTP secret to Google:
      https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@cwp1%3Fsecret%3DC5ZIEY5TTOX3UNJXESKISMF2GQ%26issuer%3Dcwp1
    ssh qr code
    Your new secret key is: C5ZIEY5TTOX3UNJXESKISMF2GQ
    Your verification code is 604902
    Your emergency scratch codes are:
      92416476
      84187850
      96774355
      80714386
      19340003
    
    Do you want me to update your "/root/.google_authenticator" file? (y/n) y
    
    Do you want to disallow multiple uses of the same authentication
    token? This restricts you to one login about every 30s, but it increases
    your chances to notice or even prevent man-in-the-middle attacks (y/n) y
    
    By default, a new token is generated every 30 seconds by the mobile app.
    In order to compensate for possible time-skew between the client and the server,
    we allow an extra token before and after the current time. This allows for a
    time skew of up to 30 seconds between authentication server and client. If you
    experience problems with poor time synchronization, you can increase the window
    from its default size of 3 permitted codes (one previous code, the current
    code, the next code) to 17 permitted codes (the 8 previous codes, the current
    code, and the 8 next codes). This will permit for a time skew of up to 4 minutes
    between client and server.
    Do you want to do so? (y/n) n
    
    If the computer that you are logging into isn't hardened against brute-force
    login attempts, you can enable rate-limiting for the authentication module.
    By default, this limits attackers to no more than 3 login attempts every 30s.
    Do you want to enable rate-limiting? (y/n) y
    [root@cwp1 ~]#
    

     

  4. Scan the QR code with the Google Authenticator app from your phone:
    google authenticator 2 
  5. Your root@server-name account will be added to Google Authenticator
    google authenticator 3 
  6. Now let’s configure PAM. Edit the file /etc/pam.d/sshd
    [root@cwp1 ~]# nano /etc/pam.d/sshd
    

    And add the line:

    auth required pam_google_authenticator.so
    

    So the top of the file looks like:

    #%PAM-1.0
    auth required pam_google_authenticator.so
    auth       required     pam_sepermit.so
    auth       substack     password-auth
    auth       include      postlogin
    

     

  7. Now we must instruct OpenSSH to permit two-factor authentications. Open the file /etc/ssh/sshd_config :
    [root@cwp1 ~]# nano /etc/ssh/sshd_config
    

    Add the line (or comment out the line if it already exists):

    ChallengeResponseAuthentication yes

     

  8. Restart the sshd server:
    [root@cwp1 ~]# service sshd restart
    Redirecting to /bin/systemctl restart  sshd.service
    [root@cwp1 ~]#
    
    Do NOT close the current SSH connection. Open another SSH connection and check if you are able to connect with the two-factor authentication. If you can’t connect, investigate the cause by checking the SSH log file – /var/log/secure . If you can’t fix the issue, undo the actions from 6.(editing the file /etc/pam.d/sshd) and 7.(editing the file /etc/ssh/sshd_config) to be able to connect only with the password.
  9. Everything is set up at this moment. On the next logins, the system will ask for the verification code.

Related KB articles:
How to install nano editor with yum
Change the default SSH server port number

Share this post:
Page 1 of 48
1 2 3 48
back to top