Nov 08

How to find all folders with 777 permissions


As the owner of a dedicated server providing shared hosting services, you will find that many of your clients will install applications such as WordPress. So far so good. However, once they start getting stuck with file and folder permissions, they generally go crazy and set everything to 777 in order to fix the problems. Great, they get their site working! Now begin your problems.

With these liberal file and folder permissions together with some not-so-well written plugins, it is only a matter of time before the hackers and crackers target these weak WordPress sites and start injecting all manner of redirects and mail spammers on your server.

Using ‘find’ to locate those weaknesses

So, here is a nifty solution to find all those weak WordPress installations. The following find lists every WordPress installation whose wp-content folder is set to 777 (the grep filters out the sub-folders, so each installation appears only once):

find /var/www/vhosts/*/httpdocs/wp-content -perm 0777 -type d | grep -v "wp-content/"

Give this a whirl on your Plesk server and take a look at the list. Then navigate to each folder and tighten up the permissions as below:

cd /var/www/vhosts/dodgydomain.co.uk/httpdocs
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
chmod 750 ../httpdocs

These permission changes eliminate all unnecessary 777 permissions.

Ok, let’s automate the whole process

What? You have lots of these? Then here is a nifty script to automate the process for you:

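# Every httpdocs folder whose wp-content directory is set to 777
df=$(find /var/www/vhosts/*/httpdocs/wp-content -perm 0777 -type d | grep -v "wp-content/" \
| sed 's#/wp-content$##')

# Read one path per line; quoting keeps paths with spaces intact
printf '%s\n' "$df" | while IFS= read -r line
  do
    # Skip empty or vanished entries rather than running chmod on them
    [ -d "$line" ] || continue
    echo "$line"
    find "$line" -type d -exec chmod 755 {} \;
    find "$line" -type f -exec chmod 644 {} \;
    chmod 750 "$line"
  done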

This makes things a little more difficult for any would-be injection attempts. If your directory structure is different to the standard Plesk structure, simply modify the find command as required.
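A read-only audit to run before the automated fix, as an added example that is not part of the original post: it counts world-writable folders and files per site and changes nothing. It matches on the "other write" bit (-perm -0002) instead of exact 0777, so modes such as 0757 or 0666 are reported too. The function names and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): read-only audit, nothing is chmod-ed.
# Assumes the Plesk layout used above: <root>/<domain>/httpdocs.
# Function names are hypothetical.

audit_world_writable() {
    root=${1:-/var/www/vhosts}
    for docroot in "$root"/*/httpdocs; do
        [ -d "$docroot" ] || continue
        # -perm -0002 = "other write" bit set, whatever the remaining bits are,
        # so 0757, 0666 and 1777 are reported as well as exact 0777.
        dirs=$(( $(find "$docroot" -type d -perm -0002 | wc -l) ))
        files=$(( $(find "$docroot" -type f -perm -0002 | wc -l) ))
        if [ "$dirs" -gt 0 ] || [ "$files" -gt 0 ]; then
            printf '%s dirs=%d files=%d\n' "$docroot" "$dirs" "$files"
        fi
    done
}

# Constructed sample tree so the audit can be tried away from live sites.
make_sample_vhosts() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/loose.example/httpdocs/wp-content/uploads" \
             "$t/tidy.example/httpdocs/wp-content"
    : > "$t/loose.example/httpdocs/wp-config.php"
    chmod -R 755 "$t/loose.example" "$t/tidy.example"
    chmod 777 "$t/loose.example/httpdocs/wp-content"
    chmod 757 "$t/loose.example/httpdocs/wp-content/uploads"
    chmod 666 "$t/loose.example/httpdocs/wp-config.php"
    printf '%s\n' "$t"
}

sample=$(make_sample_vhosts)
audit_world_writable "$sample"
rm -rf "$sample"
```

On a live server, call audit_world_writable with no argument to scan /var/www/vhosts, and run it again after the chmod pass to confirm the list is empty.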

Nov 01

MICROLITE14 Server Relocation (Scheduled)

Affecting Server - M14 | Priority - Critical

UK Cheapest has experienced tremendous growth over the last decade and we couldn’t have done this without you. With the growth which we have experienced year over year, it has come to the stage where we have utilised most of our existing data centre space resulting in us needing to prepare ourselves for the future.

Throughout November 2013, we will be migrating our data centre hardware to a larger data centre in Reading and your server(s) hardware will need to be moved to our new data centre space. The migration of your server is scheduled to commence on 11-11-2013 and will be completed between 10 PM UK time on 11-11-2013 and 6 AM UK time on 12-11-2013. We regret to inform you that your service will be unavailable during this migration process.

We will take a complete backup of your server before migrating it to the new data centre. If you have any questions regarding your server migration we encourage you to respond to this ticket where one of our senior technicians will be happy to answer any questions or concerns you may have.

We would like to take this opportunity to apologise in advance for the disruption and inconvenience this migration may cause you and we will do everything we can to minimise it.

Yours sincerely,

Support Team

Date - 11/11/2013 22:00 – 12/11/2013 06:00

Last Updated - 31/10/2013 10:56

 

Oct 31

MICROLITE13 Server Relocation (Scheduled)

Affecting Server - M13 | Priority - Critical

UK Cheapest has experienced tremendous growth over the last decade and we couldn’t have done this without you. With the growth which we have experienced year over year, it has come to the stage where we have utilised most of our existing data centre space resulting in us needing to prepare ourselves for the future.

Throughout November 2013, we will be migrating our data centre hardware to a larger data centre in Reading and your server(s) hardware will need to be moved to our new data centre space. The migration of your server is scheduled to commence on 14-11-2013 and will be completed between 10 PM UK time on 14-11-2013 and 6 AM UK time on 15-11-2013. We regret to inform you that your service will be unavailable during this migration process.

We will take a complete backup of your server before migrating it to the new data centre. If you have any questions regarding your server migration we encourage you to respond to this ticket where one of our senior technicians will be happy to answer any questions or concerns you may have.

We would like to take this opportunity to apologise in advance for the disruption and inconvenience this migration may cause you and we will do everything we can to minimise it.

Yours sincerely,

Support Team

Date - 14/11/2013 22:00 – 15/11/2013 06:00

Last Updated - 31/10/2013 10:56

Oct 21

Only £1 for .CO.UK domains – Hurry!

Would you believe it? You can register a .CO.UK domain name for 1 year for only £1, hurry though, this is a time limited offer, so grab your new .CO.UK domain name today!

How to claim: Use promo code ONEPOUND at the checkout when registering a .CO.UK domain name for 1 year.

Oct 18

Increase Drive Performance by 40% using noatime

Are you feeling the heat on your dedicated server, getting high I/O wait times?

If you are using EXT3 partitions then it is worth checking to see if they are mounted using ‘noatime’. If they are not, then every read to your partition is also a write which can massively reduce hard drive performance.

First, list all partitions mounted as EXT3 and check which are mounted without noatime:

# mount | grep ext3
/dev/sda1 on / type ext3 (rw,noatime)
/dev/sdb1 on /backup type ext3 (rw)

Any not showing the noatime attribute, simply remount like so:

# mount -o remount,noatime /backup

You can do this with the server live and the partitions already mounted; no reboot is needed. To keep the setting after a reboot, add noatime to the partition's options in /etc/fstab.

Oct 18

Plesk Atmail Search Problems?

If your AtMail search is not working, you can apply the following fix to lines 364 and 369:

sed -i 's/20$BeforeYear/$BeforeYear/g' /var/www/atmail/search.php
sed -i 's/20$AfterYear/$AfterYear/g' /var/www/atmail/search.php

This fixes a bug in the search.php file for AtMail 1.04 and 1.05.

Oct 18

Find all HTML files that contain the text “Loading”

# find . -name '*.html' -exec grep -il "Loading" {} \;

Find all files modified in last 7 days

# find . -mtime -7

Find all .PHP files modified in last 7 days

# find . -name '*.php' -mtime -7

Find and Remove all PHP files modified in last 7 days

# find . -name '*.php' -mtime -7 -print0 | xargs -0 rm

Find all files modified in last 10 days that contain text “Loading” and move to /trash

# find . -type f -mtime -10 -exec egrep -l "Loading" {} \; -exec mv -f {} /trash \;

Oct 18

Tighten Up WordPress File and Folder permissions

If you used an auto installer for WordPress, you may find that many of your files and folders have 777 permissions. This is a risk, because these permissions can be abused by compromised plugins.

To tighten up your folder, connect over SSH, change into your /httpdocs folder and run:

# find . -type d -exec chmod 755 {} \;
# find . -type f -exec chmod 644 {} \;
# chmod 750 ../httpdocs

At the same time, you might want to execute maldet to ensure there is no malware present:

# maldet -a ../httpdocs

Always ensure you are using the latest revision of WordPress. This is the single most important rule for ensuring maximum security of your WordPress site.

Oct 01

October Offers

Massive reductions on domain name registrations – grab yourself a bargain!

.CO.UK - £3.79
.COM - £5.95

Take advantage of this special offer today!

Sep 17

Getting MYSQL server has gone away when importing database from .sql file

Problem: You are trying to import a .sql file using the command line mysql command but it is unsuccessful as follows:

# mysql -u dbuser -pdbpass yourdb < db_file.sql
ERROR 2006 (HY000) at line XXXXX: MySQL server has gone away

The solution is to edit /etc/my.cnf and add the following line to the [mysqld] section:

max_allowed_packet=64M

Then restart mysql:

# service mysqld restart

Re-run your import query (you may need to delete the partly imported database first and re-create it) and it will now succeed.

Apr 27

With so many registrars to choose from it is difficult to determine which deals are the best.

If you have done your homework you will have already discovered that the initial registration cost is not the only cost you need to consider. The hidden fees make it extremely difficult to choose who to use. We make it very easy – by not having any! 

  • Transfer Out Fees - Our Transfer Out (or Away) fees are £0.00, that’s right, we do not hold you to ransom if you register your domain name with us. You can transfer your domain away at any time.
  • Beware the Small Print - There is NOTHING in our small print that will enable us to charge, penalise or fine you in any way for the use of your domain name.
  • WHOIS Record Charges - It is important to keep your WHOIS details up to date. We do not charge for any changes to your WHOIS record nor do we restrict updates to your WHOIS record, you are free to make these changes.
  • IPSTAG Change Fees - We do not charge any fee to transfer away your UK domain name or for IPSTAG changes. Many registrars make this fee so high it’s easier to stick with them. Check this fee before you register with anyone.
  • Registrar Lock Fees - It is important to lock your non-UK domain but we don’t extort you for it. We give you FULL control over your Domain Locking. You can lock and unlock your domain at will and as required at no cost.
  • Transfer Auth Code Fees - Registrars often quote free transfer outs and then charge you for the AUTH code! You can get your domain auth code from us at any time for free. The transfer away of any domain is at no cost.
  • Parked Domain Advertising - To make money from domains many registrars place advertisements on your parked domains. We do not place third party advertisements on your parked domain or any other service.
  • Web Forwarding - You can forward your domain name to any location and change this setting whenever you wish. For free. Often registrars will make small annual charges for changes to your web forwarding service.
  • Name Server Changes - You are free to change your name servers as you wish, without limit, for free.
  • DNS Management - This is often an additional fee based service to your domain registration. With us, you have FULL control over your domain DNS Management at all times. There are no fees to make any changes. Ever.

Apr 02

Mar 21

If your domain is hosted, this guide is not for you. If your domain name is parked, i.e. using name servers ns.microlite1.com and ns2.microlite1.com, and you have purchased a POP Mailbox – read on…

Your domain is registered, you’ve got your Webmail login for your Domain POP Mailbox, now you want to get things moving on your iPhone or iPad. Here is an example of a POP Mailbox configured on an iPad3 (Ok, The New iPad). Obviously use your own name, username and password as provided.

First, let’s set up the Incoming Mail Server:

Now let’s set up the SMTP Outgoing Mail Server:

That’s all there is to it. You can use the same settings in other mail clients such as Outlook, Entourage etc.

Mar 05

How to Change Plesk Mailbox Password from SSH Console

If you are in a hurry to change a Plesk Mailbox Password, then the official route of going through the Plesk Control Panel, finding the account and drilling in to mailboxes can take a considerable number of mouse clicks. However, if you are comfortable with the server console, you can do it in an instant as below:

/usr/local/psa/bin/mail -u mailbox@domain.co.uk -passwd NwPsWrd3

Mar 05

How to Change Plesk Mailbox Password from the Console