Monthly Archives: April 2017

Create/delete subaccounts in cPanel

In the newer versions of cPanel, we have a new option – User Manager. With the User Manager tool you can add/delete subaccounts. As the cPanel user, you will be able to set permissions for subaccounts to access email, FTP, and Web Disk.

The cPanel User Manager interface doesn’t allow you to create new cPanel accounts. This can only be done via the WHM interface. If you have a reseller hosting plan then you have access to WHM. With our reseller hosting plans you can create unlimited cPanel accounts.

To add a subaccount:

  1. From the cPanel home page look for the PREFERENCES section, click on User Manager link.
  2. Click the Add User button
  3. Enter the Basic Information for the user as the Full Name, Username, Contact Email Address 
  4. Choose a strong password and confirm it (we recommend to use the cPanel tool to generate one)
  5. Select the Services you want to activate for this Subaccount (EMail, FTP, Web Disk)
  6. Click the Create button
cPanel User Manager
cPanel User Manager

 

To delete a Subaccount:

  1. From the cPanel home page look for the PREFERENCES section, click on User Manager link.
  2. Click the Delete button and then confirm the action. 

And the video tutorial is here:

Share this post:

Whitelist an IP in CSF for remote MySQL connections

ConfigServer Security & Firewall (csf) is a popular firewall for Linux web servers. Many cPanel web servers use it. By default, the csf is configured to block incoming connections to MySQL port, which is 3306.
But you have a client that requires a direct connection to the MySQL server. What can you do? Opening the port 3306 to public is not a very good idea. You can set up a rule in csf to allow incoming connections to MySQL from specific IP(s).

 

csf WHM Interface
csf WHM Interface

For this you will need to edit the file /etc/csf/csf.allow

####################### ########################## # Copyright 2006-2017, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
####################### ########################## # The following IP addresses will be allowed through iptables.
# One IP address per line.
# CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24).
# Only list IP addresses, not domain names (they will be ignored)
#
# Advanced port+ip filtering allowed with the following format
# tcp/udp|in/out|s/d=port|s/d=ip
# See readme.txt for more information
#
# Note: IP addressess listed in this file will NOT be ignored by lfd, so they
# can still be blocked. If you do not want lfd to block an IP address you must
# add it to csf.ignore

 

Add the following lines to the file /etc/csf/csf.allow (replace 192.168.1.0 with the desired IP):

tcp|in|d=3306|s=192.168.1.0
udp|in|d=3306|s=192.168.1.0

Restart csf and that IP will be able to connect to MySQL/MariaDB server.

Share this post:

Whitelist Google, Bing, Yahoo, Yandex, Baidu bots in csf and mod_security

ConfigServer Security & Firewall or csf for short is a popular firewall solution for cPanel servers. Combined with some good rules for mod_security, it does a great job.
To prevent csf temporary/permanently blocking the IPs of good bots you should edit the file /etc/csf/csf.rignore

####################### ##########################
# Copyright 2006-2017, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
####################### ##########################
# The following is a list of domains and partial domain that lfd process
# tracking will ignore based on reverse and forward DNS lookups. An example of
# its use is to prevent web crawlers from being blocked by lfd, e.g.
# .googlebot.com and .crawl.yahoo.net
#
# You must use either a Fully Qualified Domain Name (FQDN) or a unique ending
# subset of the domain name which must begin with a dot (wildcards are NOT
# otherwise permitted)
#
# For example, the following are all valid entries:
# www.configserver.com
# .configserver.com
# .configserver.co.uk
# .googlebot.com
# .crawl.yahoo.net
# .search.msn.com
#
# The following are NOT valid entries:
# *.configserver.com
# *google.com
# google.com (unless the lookup is EXACTLY google.com with no subdomain
#
# When a candidate IP address is inspected a reverse DNS lookup is performed on
# the IP address. A forward DNS lookup is then performed on the result from the
# reverse DNS lookup. The IP address will only be ignored if:
#
# 1. The results of the final lookup matches the original IP address
# AND
# 2a. The results of the rDNS lookup matches the FQDN
# OR
# 2b. The results of the rDNS lookup matches the partial subset of the domain
#
# Note: If the DNS lookups are too slow or do not return the expected results
# the IP address will be counted towards the blocking trigger as normal
#

Add the following lines to /etc/csf/csf.rignore file:

.googlebot.com
.crawl.yahoo.net
.search.msn.com
.google.com
.yandex.ru
.yandex.net
.yandex.com
.crawl.baidu.com
.crawl.baidu.jp

csf is blocking IPs when a host is blocked for a number of times by a mod_security rule. So, we must go to the root of the problem – we will create mod_security rules to allow good bots.
For this, we will edit the mod_security .conf files. If you are using cPanel EasyApache 4, add the following lines to the file /etc/apache2/conf.d/modsec/ modsec2.user.conf

HostnameLookups On
SecRule REMOTE_HOST "@endsWith .googlebot.com" "allow,log,id:5000001,msg:'googlebot'"
SecRule REMOTE_HOST "@endsWith .google.com" "allow,log,id:5000002,msg:'googlebot'"
SecRule REMOTE_HOST "@endsWith .search.msn.com" "allow,log,id:5000003,msg:'msn bot'"
SecRule REMOTE_HOST "@endsWith .crawl.yahoo.net" "allow,log,id:5000004,msg:'yahoo bot'"
SecRule REMOTE_HOST "@endsWith .yandex.ru" "allow,log,id:5000005,msg:'yandex bot'"
SecRule REMOTE_HOST "@endsWith .yandex.net" "allow,log,id:5000006,msg:'yandex bot'"
SecRule REMOTE_HOST "@endsWith .yandex.com" "allow,log,id:5000007,msg:'yandex bot'"
SecRule REMOTE_HOST "@endsWith .crawl.baidu.com" "allow,log,id:5000008,msg:'baidu bot'"
SecRule REMOTE_HOST "@endsWith .crawl.baidu.jp" "allow,log,id:5000009,msg:'baidu bot'"

After adding these lines, please restart the Apache Web Server. After some time, you will see entries in the server logs. Just go to WHM->Security Center->ModSecurity™ Tools->Hits List or from the command line:

root@web [/]# grep "500000" /usr/local/apache/logs/error_log | tail -30

 

cPanel Mod_Security Logs
cPanel Mod_Security Logs

Resources:
https://webmasters.googleblog.com/2006/09/how-to-verify-googlebot.html
https://yandex.com/support/webmaster/robot-workings/check-yandex-robots.xml
https://www.bing.com/webmaster/help/how-to-verify-bingbot-3905dc26
https://github.com/SpiderLabs/ModSecurity/wiki/

Share this post:

Add AMP HTML support to your WordPress blog

Accelerated Mobile Pages (AMP) is an HTML type language that is optimized for mobile using. Google puts more and more SEO value on AMP pages. For example, you can see statistics for your AMP pages in Google Analytics. In this post we will show you how to install the AMP WordPress plugin by Automattic.

The steps to support AMP in WordPress:

  1. Log in to your WordPress installation (usually the url is domain.com/wordpress_directory/wp-login.php)
  2. Go to Plugins->Add New
  3. Type “AMP” in the Search plugins edit box
  4. You’ll see a list of available plugins. Install the AMP by Automattic plugin by clicking the Install button. 
  5. Activate the plugin by clicking the Activate button.
  6. Now you will have AMP support for your WordPress blog. To see the AMP pages, just add /amp/ to any URL on your blog.(eg. domain.com/post-1/amp/)

Here is a short video tutorial:

You can verify your /amp/ posts with the official HTML AMP Validator https://validator.ampproject.org/

To customize the look of the AMP pages, you can install the AMP for WP – Accelerated Mobile Pages (it requires the AMP plugin by Automattic)

WordPress AMP Plugins
WordPress AMP Plugins

For other AMP related plugins, search the WordPress site https://wordpress.org/plugins/search/amp/

Related KB post: How to convert HTML to AMP

Share this post:

How to set up a redirect for your website in cPanel

Did yo move your site to a new domain? You want to redirect accesses to a removed folder to the main page? the cPanel Redirect allows you to set such redirects.

To setup a redirect follow the steps:

  1. First, log into your cPanel account
  2. Look for Redirects (DOMAINS section)
  3. Now we will add the redirect. Choose the Type you want Permanent(HTTP code 301) or Temporary(HTTP code 302)
  4. Choose if the redirect should work for all the domains or for a single domain(select it from the drop-down list)
  5. Then select the directory or file you want to redirect from.
  6. Enter the destination URL.
  7. Choose if you want to redirect with/without/and www. Also, you have a Wild Card Redirect option. With this option checked the server will redirect all files within a directory to the same filenames in the destination directory.
  8. Click the Add button
cPanel Redirects
cPanel Redirects

A short video tutorial:

The cPanel Redirect tool uses the .htaccess file. Take care if you want to edit/delete this file. For advanced info on the directives you can use in the .htaccess file, please visit Apache Module mod_rewrite page.
Share this post:
Page 3 of 7
1 2 3 4 5 7