So you have installed your SSL Certificate and now you want to use it. Paste the following code to the beginning of your .htaccess file to redirect all non-https to https.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
As the owner of a dedicated server provided shared hosting services, you will find that many of your clients will install applications such as WordPress. So far so good. However, once they start getting stuck with file and folder permissions, they generally go crazy and set everything to 777 in order to fix the problems. Great, they get their site working! Now begin your problems.
With these liberal file and folder permissions together with some not-so-well written plugins, it is only a matter of time before the hackers and crackers target these weak WordPress sites and start injecting all manner of redirects and mail spammers on your server.
So, here is a nifty solution to find all those weak WordPress installations. The following find will list all WordPress installations that contain folders with 777 permissions:
find /var/www/vhosts/*/httpdocs/wp-content -perm 0777 -type d | grep -v "wp-content/"
Give this a whirl on your Plesk server and take a look at the list, navigate to each folder and tighten up the permissions as below:
cd /var/www/vhosts/dodgydomain.co.uk/httpdocs
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
chmod 750 ../httpdocs
These permission changes eliminate all unnecessary 777 permissions.
What? You have lots of these? Then here is a nifty script to automate the process for you:
df=`find /var/www/vhosts/*/httpdocs/wp-content -perm 0777 -type d | grep -v "wp-content/" \
| sed "s/wp-content//g"`
for line in $df;
do
echo $line
cd $line
find $line -type d -exec chmod 755 {} \;
find $line -type f -exec chmod 644 {} \;
chmod 750 $line
done
This makes things a little more difficult for any would-be injection attempts. If your directory structure is different to the standard Plesk structure simply modify the find command as required.
If your AtMail search is not working, you can apply the following fix to lines 364 and 369:
sed -i 's/20$BeforeYear/$BeforeYear/g' /var/www/atmail/search.php sed -i 's/20$AfterYear/$AfterYear/g' /var/www/atmail/search.php
This fixes a bug in the search.php file for AtMail 1.04 and 1.05.
Find all HTML files that contain the text “Loading”
# find . -name *.html -exec grep -il "Loading" {} \;
Find all files modified in last 7 days
# find . -mtime -7
Find all .PHP files modified in last 7 days
# find . -name *.php -mtime -7
Find and Remove all PHP files modified in last 7 days
# find . -name *.php -mtime -7 | xargs rm
Find all files modified in last 10 days that contain text “Loading” and move to /trash
# find . -type f -mtime -10 -exec egrep -l "Loading" {} \; -exec mv -f {} /trash \;
How to get CGI working on Plesk 11
Running CGi and Perl scripts is not as straightforward as PHP, so in order to get your CGI working, ensure to confirm the following steps. Once the file in in the correct location, and the file system permissions are correct you will be good to go.
1) Ensure Perl-CGI is installed on the server. If you host with us, this is already done for you.
# yum install perl-CGI
2) Ensure Perl/CGI is enabled for your domain name in your Plesk panel. Find the domain name in the Plesk panel and look at the ‘Website Sripting and Security’ section.
3) Create a file named ‘hello.cgi’ with the following contents:
#!/usr/bin/perl
print("Content-type: text/plain\n");
print("\n");
print("Hello World!\n");
4) Ensure your file is uploaded to /cgi-bin and not /httpdocs/cgi-bin
5) Ensure your file permissions on the file are 755, you can set this in your FTP application or File Manager
6) You can now execute the file as such: http://www.mydomain.co.uk/cgi-bin/hello.cgi
Hello World!