How to: Restrict use of Perl, CGI and insecure Scripting

With Plesk 12 you can create a “preset” that limits the types of scripting your clients can assign. This helps in the situation where you do not allow Perl or CGI, but your reseller clients can still create service plans that allow these restricted services.

To prevent this from occurring, you can create presets which will not allow your clients to override these scripting options.

The file you need to edit:

nano /usr/local/psa/admin/conf/site_isolation_settings.ini

In general, your PHP will always be switched on. Your PHP should be handled by FastCGI (for performance and security). Set Perl and CGI to “off” as follows:

; The section describes allowed hosting options
[hosting]
php = on
php_handler_type = fastcgi
python = off
perl = off
cgi = off
;fastcgi = any
;miva = off
;ssi = any
;ssl = any
;shell = /usr/local/psa/bin/chrootsh
;asp = any
;php_safe_mode = off
coldfusion = off

You can easily restore the original configuration file whenever required:

cp /usr/local/psa/admin/conf/site_isolation_settings.ini.default /usr/local/psa/admin/conf/site_isolation_settings.ini

As a Plesk 12 admin, you can still override these settings for any subscription. The preset simply stops these scripting options from being shown as options to your clients.
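A quick way to confirm the edited preset says what you intended, as an added example that is not part of the original post or of Plesk's own tooling. The function names and the sample file are constructed for illustration; values are compared literally, so a commented-out key or a stray character after a value is reported.

```shell
#!/bin/sh
# Added example: report [hosting] options that differ from the values
# recommended on this page. Reads FILE, or stdin when FILE is omitted.
audit_hosting() {
    awk -F= '
        /^[ \t]*;/  { next }   # commented-out line: the option is not enforced
        /^[ \t]*\[/ { in_hosting = ($0 ~ /^[ \t]*\[hosting\]/); next }
        in_hosting && NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            seen[key] = val
        }
        END {
            n = split("php_handler_type=fastcgi python=off perl=off cgi=off coldfusion=off", want, " ")
            for (i = 1; i <= n; i++) {
                split(want[i], kv, "=")
                if (!(kv[1] in seen)) {
                    print kv[1] ": not set"; bad++
                } else if (seen[kv[1]] != kv[2]) {
                    print kv[1] ": " seen[kv[1]] " (expected " kv[2] ")"; bad++
                }
            }
            exit (bad > 0)     # non-zero status when anything deviates
        }' "$@"
}

# Constructed sample input, not taken from a real server.
sample_ini() {
    cat <<'EOF'
; The section describes allowed hosting options
[hosting]
php = on
php_handler_type = fastcgi
python = off
;perl = off
cgi = off;
coldfusion = on
EOF
}

sample_ini | audit_hosting || echo "preset deviates from the recommended values"
```

On the server itself, run `audit_hosting /usr/local/psa/admin/conf/site_isolation_settings.ini` after each edit.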

How to: Remove DRWEB from your Plesk dedicated server

With each new CentOS-based Plesk server, one of the first things you might want to do is remove the Dr.Web services. This is easily achieved.

yum remove drweb-base drweb-bases drweb-common drweb-daemon drweb-updater psa-drweb-configurator

Should you need to reinstall Dr.Web, you can do so in the Plesk autoinstaller or update manager in the main panel.

How to: Enable Graceful Restarts in Plesk

Enabling graceful restarts in Plesk 12 will reduce the Apache service downtime for your clients. By default, graceful restarts are not enabled.

Let’s log into the psa database

mysql -u admin -p`cat /etc/psa/.psa.shadow` psa

Verify if “graceful restarts” is already enabled

select * FROM misc WHERE param = "restart_apache_gracefully";

If no values are returned then let’s go ahead and make it so

INSERT INTO misc VALUES ('restart_apache_gracefully', 'true');

Now let’s reconfigure all the Apache domain configurations. This can take a couple of minutes.

/usr/local/psa/admin/bin/httpdmng --reconfigure-all

You will now find your apache service outage time is drastically reduced.

Find all WordPress folders with 777 permissions

How to find all folders with 777 permissions


As the owner of a dedicated server providing shared hosting services, you will find that many of your clients will install applications such as WordPress. So far so good. However, once they start getting stuck with file and folder permissions, they generally go crazy and set everything to 777 in order to fix the problems. Great, they get their site working! Now begin your problems.

With these liberal file and folder permissions together with some not-so-well written plugins, it is only a matter of time before the hackers and crackers target these weak WordPress sites and start injecting all manner of redirects and mail spammers on your server.

Using ‘find’ to locate those weaknesses

So, here is a nifty solution to find all those weak WordPress installations. The following find lists all WordPress installations whose wp-content folder has 777 permissions:

find /var/www/vhosts/*/httpdocs/wp-content -perm 0777 -type d | grep -v "wp-content/"

Give this a whirl on your Plesk server and take a look at the list. Navigate to each folder and tighten up the permissions as below:

cd /var/www/vhosts/dodgydomain.co.uk/httpdocs
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
chmod 750 ../httpdocs

These permission changes eliminate all unnecessary 777 permissions.

Ok, let’s automate the whole process

What? You have lots of these? Then here is a nifty script to automate the process for you:

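# List each wp-content folder that is itself 777, one path per line.
find /var/www/vhosts/*/httpdocs/wp-content -perm 0777 -type d | grep -v "wp-content/" |
while IFS= read -r wpcontent
  do
    # The document root is the parent of wp-content.
    docroot=$(dirname "$wpcontent")
    echo "$docroot"
    find "$docroot" -type d -exec chmod 755 {} \;
    find "$docroot" -type f -exec chmod 644 {} \;
    chmod 750 "$docroot"
  done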

This makes things a little more difficult for any would-be injection attempts. If your directory structure is different to the standard Plesk structure simply modify the find command as required.
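A report-only pass to run before and after the fix, as an added example that is not part of the original post. It goes a little beyond the find shown earlier by matching any world-writable mode (`-perm -0002`) anywhere under httpdocs, files included; the function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: changes nothing, only reports.
# world_writable_report BASE prints "<docroot> dirs=<n> files=<n>" for every
# BASE/*/httpdocs that holds at least one world-writable directory or file.
world_writable_report() {
    for docroot in "$1"/*/httpdocs; do
        [ -d "$docroot" ] || continue
        # -perm -0002 matches any mode with the world-write bit: 777, 757, 666 ...
        # One "x" line per match keeps the count right for odd file names.
        dirs=$(( $(find "$docroot" -type d -perm -0002 -exec echo x \; | wc -l) ))
        files=$(( $(find "$docroot" -type f -perm -0002 -exec echo x \; | wc -l) ))
        if [ "$dirs" -gt 0 ] || [ "$files" -gt 0 ]; then
            echo "$docroot dirs=$dirs files=$files"
        fi
    done
}

# Constructed sample tree under a temp dir (not real vhosts); prints its path.
make_sample_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/a.example/httpdocs/wp-content/uploads" \
             "$base/b.example/httpdocs/wp-content"
    : > "$base/a.example/httpdocs/wp-config.php"
    chmod 755 "$base/a.example/httpdocs" "$base/b.example/httpdocs" \
              "$base/b.example/httpdocs/wp-content"
    chmod 777 "$base/a.example/httpdocs/wp-content" \
              "$base/a.example/httpdocs/wp-content/uploads"
    chmod 666 "$base/a.example/httpdocs/wp-config.php"
    echo "$base"
}

tree=$(make_sample_tree)
world_writable_report "$tree"    # only a.example is listed
rm -rf "$tree"
```

On a Plesk server, `world_writable_report /var/www/vhosts` gives the list to review; an empty result after the chmod pass confirms the clean-up.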

Linux Performance: Remount EXT3 partitions using ‘noatime’

Increase Drive Performance by 40% using noatime

Are you feeling the heat on your dedicated server, getting high I/O wait times?

If you are using EXT3 partitions then it is worth checking to see if they are mounted using ‘noatime’. If they are not, then every read to your partition is also a write which can massively reduce hard drive performance.

First, find all EXT3 partitions that are mounted without noatime:

# mount | grep ext3
/dev/sda1 on / type ext3 (rw,noatime)
/dev/sdb1 on /backup type ext3 (rw)

For any partition not showing the noatime attribute, simply remount like so:

# mount -o remount,noatime /backup

You can do this without a server reboot, with the server live and the partitions already mounted.