Exim Hardening Practices

There isn't any way within cPanel to prevent the bounce back as it's an informative measure so the customer knows their emails are being rejected. 

As for recommended and effective measures to stop spammers, I have a guide I've written that isn't yet completed that details some steps you can take to make it easier to track down spammers. It isn't possible so long as you have email services running to prevent spamming entirely. I'll go ahead and post what I have currently for that guide in case it might be of help:

Exim Hardening Practices

The intention of this guide is to provide some steps to help tighten the email sending practices on a machine in order to facilitate both determining the legitimate sender of an email as well as preventing spoofing on the machine.

WHM Options to Enable

1. Preventing nobody from sending emails

WHM > Tweak Settings, select “On” for the following option:

Prevent “nobody” from sending mail [?]

Prevent the user “nobody” from sending out mail to remote addresses
(PHP and CGI scripts generally run as “nobody” if you are using mod_php or have Suexec disabled.)

Then click the “Save” button to save the configuration change.

If you are using DSO for the PHP handler, this option is not advised. You can see in WHM > Apache Configuration > PHP and SuExec Configuration area which PHP handler is being used on the machine. 

The default handler for new cPanel installations would be suPHP, which would work for the above option. If you are using an older setup with DSO, it would be recommended to change to suPHP for better tracking on who is running PHP processes for scripts that send emails anyway.

2. Setting the Sender header when the email sender tries to spoof the sender

WHM > Exim Configuration, select the following:

Set the Sender: Header when the mail sender changes the sender (-f flag passed to sendmail).

Then click the “Save” button to save the configuration change.

3. Adding MailHeaders for PHP

WHM > EasyApache (Apache Update) > Step 6 Exhaustive Options List in the PHP section (PHP 4 and/or PHP 5), select the following:

MailHeaders

For more information on this option, please see CHOON.NET : Resources : Scripts & Patches : PHP Mail Header Patch 

Exim Configuration Changes

1. All logging for exim log file

WHM > Exim Configuration > Advanced Editor, add the following in the topmost box:

Code:

log_selector = +all

Then click the “Save” button to save this configuration change. This adds extra logging to /var/log/exim_mainlog on Linux (or /var/log/exim/mainlog on FreeBSD) such as subject and command path.

2. Stopping spoofing from webmail and SMTP authenticated users

WHM > Exim Configuration > Advanced Editor, add the following in the second box where it has begin acldirectly above it:

Code:

acl_check_data:
deny
 authenticated  = *
 condition = ${if or {{ !eqi{$authenticated_id} {$sender_address} }\
  { !eqi{$authenticated_id} {${address:$header_From:}} }\
 }\
 }
 message  = Your FROM must match your authenticated email user.

This will prevent users from changing their identity in webmail or their email client, which would be spoofing an email identity other than the logged in user.

Removing sendmail

Finally, since sendmail spoofing cannot be prevented easily, moving sendmail binary on the system would be the best way to cut down on spoofing and spamming. You can simply run the following command:

Code:

mv /usr/sbin/sendmail /usr/sbin/sendmail.bak`date +"%Y%m%d%H%M%S"`

If your sendmail is not at /usr/sbin/sendmail, you could run whereis to locate it:

Code:

whereis sendmail

Please note that any forced cPanel updates (/scripts/upcp --force) or exim updates (/scripts/eximup) would replace the missing binary. You will need to manually move the file each time those scripts are executed or use /scripts/postupcp and /scripts/posteximup files to run the command to move the file again. The script could simply have the following content:

Code:

#!/bin/sh

mv /usr/sbin/sendmail /usr/sbin/sendmail.bak`date +"%Y%m%d%H%M%S"`

After creating the scripts, ensure they has execute permissions to run:

Code:

chmod +x /scripts/postupcp
chmod +x /scripts/posteximup

Please note that you cannot make the sendmail binary file immutable with blank contents as it is still replaced during eximup regardless, so the only viable option to keep it from being replaced would be to create the previously mentioned scripts.

Cautionary Note: Once sendmail is no longer working on the machine, your users will no longer be able to use it for scripts. They must use SMTP authentication in scripts rather than functions that call the sendmail binary. Most major applications such as Joomla do have an option to use SMTP authentication instead, but you are going to have many customers who relied on scripts that used PHP mail() function calling sendmail or who called sendmail directly, and those users will be impacted by this change. Please ensure that your users are well aware this is going to happen before removing sendmail functionality. It is best to test the repercussions it will have on services on your machine before making such a change permanent.

Moving /home Data From Old System To a New Linux System

Copy all files and directories using scp

The easiest way to copy all files (including hidden dot files) is as follows using the scp command:
$ scp -r /home/you/. you@new-system:/home/youOR
$ scp -r /home/you/. you@192.168.1.100:/home/you

Recommended Tool

I recommend using the rsync command - a fast and extraordinarily versatile file copying tool as follows. Login to your old laptop and type:

$ cd /home/you
$ rsync -avz * user@newsystem:/home/user/
OR
$ rsync -avz * user@192.168.1.10:/home/user/

Increase /tmp Partition Size in cPanel and secure it

cPanel’s new securetmp script is handy to prevent users from executing malicious code in /tmp or /var/tmp but if your software is like a lot out there and doesn’t have any garbage collection, you’ll find your /tmp partition filling up quickly. By default, cPanel’s script uses a limit of 512MB, and for those with large session data files (storing image data, for instance) this amount is fairly small. I played around with the script and although the 512MB value is easily changed, a good amount of the code would have to be tweaked in order to re-do an existing secured /tmp.

I have included below the sequence of commands I used to expand the “partition” to 1GB. I quote it because it’s not really a partition in the normal sense, but a 1GB file mounted as a loop block device. Note that in the instructions below I only stop MySQL, which is due the mysql.sock file it uses, however you will want to stop any other processes using /tmp as well. You can find these by running lsof|grep /tmp and using the output PID/process name to stop accordingly (commonly you will also need to stop the cpanel and apache services as well).

Here are the steps:

# /etc/init.d/mysql stop
# cp -af /var/tmp /var/tmp.bak
# umount /var/tmp
# umount /tmp
# rm -f /usr/tmpDSK
# dd if=/dev/zero of=/usr/tmpDSK bs=1024 count=1048576
# mkfs /usr/tmpDSK
# tune2fs -j /usr/tmpDSK
# mount -t ext3 -o nosuid,noexec,loop /usr/tmpDSK /tmp
# mount -o bind,noexec,nosuid /tmp /var/tmp
# cp -a /var/tmp.bak/* /tmp/
# rm -rf /var/tmp.bak/
# chmod 1777 /tmp
# /etc/init.d/mysql start

You should now see the increase /tmp partition size:

root@server [~]# df -h|grep tmp
/usr/tmpDSK           1006M   13M  993M   1% /tmp

OR Follow below steps:

1. Stop cpanel, apache (litespeed), mysql services:
/etc/init.d/cpanel stop
/etc/init.d/httpd stop
/etc/init.d/lsws stop
/etc/init.d/mysql stop

2. Umount /tmp and /var/tmp:
umount -l /tmp
umount -l /var/tmp

3. Move /usr/tmpDSK file to another location (just in case you’ll need to mount it somewhere else to preserve data):
mv /usr/tmpDSK /usr/tmpDSK_back

4. Modify /scripts/securetmp to set tmpdsksize to desired size:
vi /scripts/securetmp

$tmpdsksize = 2048000

5. Run:
/scripts/securetmp

6. Start cpanel, apache (litespeed), mysql services:
/etc/init.d/cpanel start
/etc/init.d/httpd start
/etc/init.d/lsws start
/etc/init.d/mysql start

How to check whether email accounts have been compromised

How to check whether email accounts have been compromised

When you see there is a suspicious issue with the behavior of exim, check to see if any email accoount has been compromised. For eg: please see the following log;

2011-11-01 15:01:13 [22561] 1RLMON-0005rt-OR <= test@domain.com H=(uuoulhgwf) [50.50.50.50]:47384
I=[100.100.100.100]:25 P=esmtpa A=dovecot_login:test@domain.com S=2291 T="\252k\260\352\263\261\262\364\274W\244j\263n\273I
\260t\244\321\250\317\251\312\274\244\257\273 \244k\251\312\274\351\247j\252\272\257\265\304_cxgwe"
from <test@domain.com> for linpr84@yahoo.com.tw sandyhung212@yahoo.com.tw eric_shieh0225@yahoo.com.tw
k1672x2@yahoo.com.tw blue12820@yahoo.com.tw briste00@yahoo.com.tw lisa34052@yahoo.com.tw ekke9889@yahoo.com.tw
ca438383@yahoo.com.tw rose-7945@yahoo.com.tw kenny559855@yahoo.com.tw z0913437700@yahoo.com.tw andre1528@yahoo.com.tw
jintinw@yahoo.com.tw m5200529@yahoo.com.tw 0930851353@yahoo.com.tw s58223315@yahoo.com.tw cherry80829@yahoo.com.tw
yanshu1234@yahoo.com.tw

You can use the following command to get the dovecot logins to the email accounts in the server(attempts via email client)

egrep -o 'dovecot_login[^ ]+' /var/log/exim_mainlog | sort|uniq -c|sort -nk 1

For eg:

root@ [~]# egrep -o 'dovecot_login[^ ]+' /var/log/exim_mainlog | sort|uniq -c|sort -nk 1
--------
 294 dovecot_login:support+domain1.com
 309199 dovecot_login:test@domain.com
-------

The email account test@domain.com was logged in 309199 times. So it is definitely compromised.

To get the actual details, ie the details about the email account logged in via webmail, use the following command,
Eg:

root@ [~]# grep "/webmail/x3/?login=1" /usr/local/cpanel/logs/access_log | grep test@domain.com | grep -Ev
 'cPanel_magic_revision|squirrelmail|roundcube|horde'

 30.40.50.60 proxy test@domain.com [11/01/2011:22:33:30 -0000] "GET /webmail/x3/?login=1 
HTTP/1.1" 200 0 "http://webmail.domain.com/webmaillogout.cgi" "Mozilla/4.0 (compatible; 
MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.1)"30.40.50.60 proxy 
test@domain.com [11/01/2011:22:33:34 -0000] "GET /webmail/x3/mail/passwdpop.html?redirectdomain
=&email=larry&domain=domain.com HTTP/1.1" 200 0 "http://webmail.domain.com/webmail/x3/?login=1"
 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.1)"

Viruses that get into the PC affect the email client to get the password of the email accounts. It will then send spam emails using the email client from that PC in back ground. Viruses can also send the email/password details to a remote server from where the spammers can send bulk emails.

To get the dovecot login count for the last 1 to 2 hours on the server use the below command,

hour=`date | awk {'print $4'} | cut -d: -f 1`; lasthour=`expr $hour - 1`; grep "`date -I` $lasthour" /var/log/exim_mainlog |egrep
-o 'dovecot_login[^ ]+' | sort|uniq -c|sort -nk 1

For example:

root@ [~]# hour=`date | awk {'print $4'} | cut -d: -f 1`; lasthour=`expr $hour - 1`; grep "`date -I` $lasthour" /var/log/exim_mainlog |egrep -o 'dovecot_login[^ ]+' | sort|uniq -c|sort -nk 1

   1585 dovecot_login:test@domain.com

About these ads

MailIP Blacklist And SpammingScript to check path for the script used for spamming

Top 5 users sending maximum emails on the server:

 grep "<=.*P=local" /var/log/exim_mainlog | awk '{print $6}' | sort | uniq -c | sort -nr | head -5

 eximstats /var/log/exim_mainlog | grep -A7 "Top 50 local senders by message count" | tail -5 | awk '{print $1,$NF}'

Top 5 mail receivers:

egrep "(=>.*T=virtual_userdelivery|=>.*T=local_delivery)" /var/log/exim_mainlog | awk '{print $7}' | sort | uniq -c | sort -nr | head -5

eximstats /var/log/exim_mainlog | grep -A7 "Top 50 local destinations by message count" | tail -5 | awk '{print $1,$NF}'

Script to check path for the script used for spamming

Wordpress 404 page error + The requested URL /about-us/ was not found on this server.

wordpress 404 page error + The requested URL /about-us/ was not found on this server.

this issue will be  fixed by creating .htacess file below

RewriteEngine on

<IfModule mod_rewrite.c>
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Adding ip addresses to WHM

Adding ip addresses to WHM

Either using WHM, or directly editing ipaliases.
via WHM
Straightforward, go to Main >> IP Functions >> Add a New IP Address and it is self explanatory from there

You may add one or more new IPs to the system below. To add multiple IPs, use one of the following IP range formats:

    Class C CIDR (ex.: 192.168.4.128/25)
    IP/netmask (ex.: 192.168.4.128/255.255.255.128)
    IP range (ex.: 192.168.4.128-255)


by editing ipaliases
By entering the ip addresses into /etc/ips The format of the file is as follows:
<ip address>:<subnet mask>:broadcast address
these are colons inbetween.
Example: server with the following ip address information from its Manage page Ip range: 99.198.111.218 - 99.198.111.222 CIDR/29 Gateway: 99.198.111.217 Subnet mask: 255.255.255.248
the only thing missing form the Manage page, is the broadcast address.
The broadcast is usually the last ip address in the range (99.198.111.222) + 1 , that gives 99.198.111.223 (the caveat here is that HSRP ranges are listed differently, you need to really find the broacast address some other way, using a subnet calculator perhaps)



root@server2 [~]# cat /etc/ips
99.198.111.218:255.255.255.248:99.198.111.223
99.198.111.219:255.255.255.248:99.198.111.223
99.198.111.220:255.255.255.248:99.198.111.223
99.198.111.221:255.255.255.248:99.198.111.223
99.198.111.222:255.255.255.248:99.198.111.223

Lastly, restart the ipaliases service, and possibly run the buildippool script:
service ipaliases restart
/scripts/rebuildippool


Verify

/scripts/ipusage
ifconfig

Repair all database in mysql

Repair all database in mysql



Following command will repair your all databases on server.

myisamchk -r /var/lib/mysql/*/*.MYI

/etc/rc.d/init.d/mysql restart



Following command will show if you need to repair your database or not

myisamchk –check /var/lib/mysql/*/*.MYI

Then try ‘safe-recover’ first:

myisamchk –safe-recover /var/lib/mysql/*/*.MYI

OR

myisamchk –recover /var/lib/mysql/*/*.MYI

Forceful

myisamchk –safe-recover –extend-check –force /var/lib/mysql/*/*.MYI

OR

myisamchk –recover –extend-check –force /var/lib/mysql/*/*.MYI

How to turn off Innodb in mysql?

How to turn off Innodb in mysql?
March 5th, 2011Amit Honrao1 comment

Innodb is by default installed with mysql, You can verify whether Innodb is set to On or Off by using following command.

mysqladmin variables

mysqladmin variables | grep have_innodb

If you want to disable it so you can do it using following steps.

Edit mysql configuration file

vi /etc/my.cnf

add this in my.cnf file

skip-innodb

Save and exit from file using Esc !wq the enter

Could not connect: Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2) solution :

Could not connect: Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2)
solution :

We get this error if mysql.sock file is not available at /var/lib/mysql
login to server
killall -9 mysqld

service mysql start

service mysql restart

If still mysql.sock is not created under /var/lib/mysql then,
Go to /tmp
We will found there mysql.sock in red color
Delete it from /tmp
Service mysql restart
This should create mysql.sock file at /var/lib/mysql
OR

Use command “ln -s /var/lib/mysql/mysql.sock mysql.sock” to create it
then restart mysql and check

Some Useful cPanel scripts

Some Useful cPanel scripts


/scripts/adddns – Adds a DNS zone.

/scripts/addnetmaskips – Add the netmask 255.255.255.0 to all IPs that have no netmask.

/scripts/addnobodygrp – Adds the group nobody and activates security.

/scripts/addpop – Add a Pop Account.

/scripts/addservlets – Add JSP support to an account (requires tomcat).

/scripts/adduser – Add a user to the system.

/scripts/betaexim – Installs the latest version of exim.

/scripts/biglogcheck – looks for logs nearing 2 gigabytes in size

/scripts/bsdcryptoinstall – Installs crypto on FreeBSD.

/scripts/bsdldconfig – Configures the proper lib directories in FreeBSD.

/scripts/bsdpkgpingtest – Tests the connection speed for downloading FreeBSD packages.

/scripts/buildeximconf – Rebuilds exim.conf.

/scripts/buildpostgrebsd-dev – Installs postgresql on FreeBSD.

/scripts/checkbadconf – Checks /usr/local/apache/conf/httpd.conf for bad users.

/scripts/checkbsdgroups – Checks and repairs proftpd ownership on FreeBSD.

/scripts/checkccompiler – Checks to make sure the C compiler works on your system.

/scripts/checkfpkey – Checks for the FrontPage suid key

/scripts/checkgd – Checks to see if GD is built.

/scripts/checkinterchange – (Internal use).

/scripts/checklibssl – Checks to make sure the proper libssl symlinks exist.

/scripts/checkmaxclients – Checks to see if apache has reached the maximum clients allowed.

/scripts/checkoldperl – Checks to see if the version of Perl on your system is old.

/scripts/checkrsync – Checks to make sure rsync is up to date.

/scripts/checksuexecpatch – Checks to see if mailman has been patched for suexec.

/scripts/checksuspendpages – Checks to see if suspend pages are properly named.

/scripts/checkup2date – Makes sure up2date is set up properly (RedHat)

/scripts/checkyum – Makes sure yum is set up properly.

/scripts/chkpaths – Makes sure /usr/sbin/chown has a symlink to /bin/chown

/scripts/chownpublichtmls – Change ownership of all users web space to them, which is useful for converting to

suexec. Files owned by nobody are deleted.

/scripts/ckillall – Allows you to kill a process (used like killall).

/scripts/cleanbw – Cleans up old bandwidth logs.

/scripts/cleandns8 – Clean up named.conf.

/scripts/cleangd – Cleans up old GD installs and reinstalls GD

/scripts/cleanmd5 – Fix CPAN md5 problems.

/scripts/cleanmsglog – cleans exim’s msglog

/scripts/cleanupmysqlprivs – Cleans up improper mySQL privileges.

/scripts/compilers – Disables the usage of compilers for unprivileged users.

/scripts/convert2maildir – Converts mail from mbox to maildir format and installs courier impap and pop (cpimap is

removed).

/scripts/cpbackup – Runs backups.

/scripts/distupgrade – Upgrades RedHat to the newest version (for testing only)

/scripts/dnscluster – Enables DNS clustering.

/scripts/dnstransfer – Only if the server has a DNS master (sync with DNS master).

/scripts/downgradefp – Downgrades FrontPage Extensions (to 5.0-0)

/scripts/dropmysqldb – Drops a mySQL database.

/scripts/easyapache – Upgrade Apache

/scripts/editquota – Change a users quota.

/scripts/enablechkservdwebmail – Enable service checking of webmaild.

/scripts/enablefileprotect – Protects home directories if file protection is built in apache.

/scripts/ensurepkg – Installs a FreeBSD package.

/scripts/ensurerpm – Installs a rpm.

/scripts/exim3 – Installs exim 3.

/scripts/exim4 – Installs exim 4.

/scripts/eximlocalsend – Enables/Disables exim local sending.

/scripts/eximup – Installs/Updates exim.

/scripts/findhacks – Search for common Trojan Horses.

/scripts/findoddrootprocesses – Lists root processes that may need to be checked out.

/scripts/findphpversion – Check to see if your php version file is up to date.

/scripts/fixallcartswithsuexec – Fixes permissions on carts when using suexec.

/scripts/fixbinpath – Makes sure all bin file paths are correct.

/scripts/fixbuggynamed – Updates bind to solve any problems with bugs.

/scripts/fixcommonproblems – Attempt to fix the most common problems.

/scripts/fixetchosts – Fixes problems with /etc/hosts

/scripts/fixeverything – Fix common problems and quotas.

/scripts/fixinterchange – Reinstall interchange Perl modules.

/scripts/fixinterchangeperm – fix permissions on a user’s interchange cart.

/scripts/fixlocalhostwithphp – Change /etc/hosts to work better with PHP 4.2.0 + MySQL.

/scripts/fixmailman – Updates and restarts mailman.

/scripts/fixmysql – Fixes problems with mySQL.

/scripts/fixmysqlbsd – Fixes problesm with mySQL on FreeBSD.

/scripts/fixnamed – Updates bind to handle many DNS zones (more than 512).

/scripts/fixpop – Fix a POP account and reset password.

/scripts/fixproftpdconf – Fixes problems with /usr/local/etc/proftpd.conf

/scripts/fixproftpddupes – Updates proftpd.

/scripts/fixquotas – Fix quotas.

/scripts/fixrndc – Fixes named.conf to prevent rndc staus failed.

/scripts/fixsubdomainlogs – Run if subdomain logs don’t show up in cPanel.

/scripts/fixsuexeccgiscripts – Fix CGI scripts that are broken after suexec installed.

/scripts/fixvaliases – Fix permisions on valiases.

/scripts/fixwebalizer – Repair a Webalizer that has stopped updating.

/scripts/fpanonuserpatch – Updates FrontPage extensions to include the anonymous user patch.

/scripts/ftpquaotacheck – Runs quota checking for all ftp users.

/scripts/ftpup – Updates your ftp server.

/scripts/fullhordereset – Resets Horde and displays the current Horde password.

/scripts/gcc3 – Installs gcc-3.3.3

/scripts/gencrt – Generate a .crt and .csr file.

/scripts/initfpsuexec – Enable FrontPage suexec support.

/scripts/initquotas – Turn on quota support on new drives.

/scripts/initsslhttpd – Make sure HTTP starts with SSL.

/scripts/initsuexec – Turn on suexec support if suexec is installed.

/scripts/installfpfreebsd – Installs FrontPage 5 Extensions on FreeBSD.

/scripts/installfpgentoo – Installs FrontPage on Gentoo.

/scripts/installgd – Builds GD.

/scripts/installpkg – Installs a FreeBSD package.

/scripts/installpostgres – Installs PostrgeSQL.

/scripts/installzendopt – Install zend optimzer.

/scripts/installzendopt-freebsd – Install zend optimizer on a freebsd machine.

/scripts/isdedicatedip – Checks an ip to see if it is dedicated.

/scripts/killacct – Delete an account.

/scripts/killdns – Delete a DNS zone.

/scripts/killpvhost – Removes a virtual host from proftpd.conf.

/scripts/killspamkeys – Removes a spam key.

/scripts/killsslvhost – Removes a SSL entry for a virtual host.

/scripts/killvhost – Delete a vhost.

/scripts/listcheck – Checks mailing lists for issues.

/scripts/listproblems – Lists common problems.

/scripts/listsubdomains – List subdomains.

/scripts/mailperm – Fix almost any mail permission problem.

/scripts/mailscannerupdate – Updates MailScanner

/scripts/makecpphp – Installs php.

/scripts/manualupcp – Updates cPanel manually.

/scripts/md5crypt – Encrypts a password into MD5.

/scripts/mysqladduserdb – Create a MySQL databse and user.

/scripts/mysqlconnectioncheck – Attempts to connect to MySQL, restarts SQL if necessary.

/scripts/mysqldeluserdb – Delete a MySQL database and user.

/scripts/mysqlpasswd – Change MySQL password.

/scripts/mysqlup – Updates mySQL.

/scripts/newexim – Installs the latest version of exim.

/scripts/nofsck – Make fsck always use -y

/scripts/nomodattach – Removes mod_attach from httpd.conf.

/scripts/nomodauthmysql -Removes mod_auth_mysql from httpd.conf.

/scripts/nomodbwprotect – Removes mod_bwportect from httpd.conf.

/scripts/nomodgzipconfmods – Removes mod_gzip from httpd.conf.

/scripts/nomodperl – Removes mod_perl from httpd.conf.

/scripts/park – Parks a domain.

/scripts/patcheximconf – Fixes exim.conf.

/scripts/perlinstaller – Installs perl.

/scripts/phpini – Create a php.ini file.

/scripts/proftpd128 – Installs proftpd-1.2.8.

/scripts/quickkernel – Updates your kernel.

/scripts/quicksecure – Quickly kill useless services.

/scripts/rebuildcpanelsslcrt – Rebuilds the cPanel SSL Certificate.

/scripts/rebuildcpusers – Rebuilds /var/cpanel/users.

/scripts/rebuildetcpasswd – Rebuilds /etc/passwd.

/scripts/rebuildeximbsd – Rebuilds exim on FreeBSD.

/scripts/rebuildhttpdconffromproftpd – Rebuild httpd.conf from the proftpd.conf file.

/scripts/rebuildnamedconf – Restore named.conf from files in /var/named.

/scripts/rebuildproftpd – Restore proftpd.conf from httpd.conf.

/scripts/reinstallmailman – Reinstalls mailman.

/scripts/reseteximtodefaults – Resets exim’s default settings.

/scripts/resetimappasswds – Resets all imap passwords.

/scripts/restartsrv – Restart a service.

/scripts/restartsrv_apache – Restart apache.

/scripts/restartsrv_bind – Restart bind.

/scripts/restartsrv_clamd – Restart clamd.

/scripts/restartsrv_courier – Restart courier imap.

/scripts/restartsrv_cppop – Restart cppop.

/scripts/restartsrv_entropychat – Restart entropy chat.

/scripts/restartsrv_exim – Restart exim.

/scripts/restartsrv_eximstats – Restart exim statistics.

/scripts/restartsrv_ftpserver – Restart your ftp server.

/scripts/restartsrv_httpd – Restart httpd.

/scripts/restartsrv_imap – Restart impad.

/scripts/restartsrv_inetd – Restart inetd.

/scripts/restartsrv_interchange – Restart Interchange Shopping Cart.

/scripts/restartsrv_melange – Restart melange chat.

/scripts/restartsrv_mysql – Restart mysqld.

/scripts/restartsrv_named – Restart named.

/scripts/restartsrv_postgres – Restart postgresql.

/scripts/restartsrv_postgresql – Restart postgresql.

/scripts/restartsrv_proftpd – Restart proftpd.

/scripts/restartsrv_pureftpd – Restart pure-ftpd.

/scripts/restartsrv_spamd – Restart spamd.

/scripts/restartsrv_sshd – Restart sshd.

/scripts/restartsrv_syslogd – Restart syslogd.

/scripts/restartsrv_tomcat – Restart tomcat.

/scripts/restartsrv_xinetd – Restart xinetd.

/scripts/restoremail – Restores a user’s mail.

/scripts/runstatsonce – Runs statistics (should be used from the crontab).

/scripts/runweblogs – Run analog/webalizer/etc. for a user.

/scripts/safeyum – Runs yum safely.

/scripts/setupfp – Install FrontPage 3 on an account.

/scripts/setupfp4 – Install FrontPage 4 (2000) installer on an account.

/scripts/setupfp5 – Install FrontPage 5 (2002) installer on an account.

/scripts/setupfp5.nosueuxec – Install FrontPage 5 (2002) installer on an account when not using suexec.

/scripts/unsetupfp4 – Removes FrontPage 4 or 5 from an account.

/scripts/unsuspendacct – Unsuspends an account.

/scripts/upcp – Updates cPanel.

/scripts/whoowns – Finds out who owns a domain.

/scripts/wwwacct – Creates an account.

4 Ways to Free Up Disk Space on a cPanel Server

 4 Ways to Free Up Disk Space on a cPanel Server


To remove Fantastico backups:
rm -rfv /home/*/fantastico_backups

3) Delete cPanel File Manager temp files
rm -fv /home/*/tmp/Cpanel_*

 Remove cPanel update archives

/usr/local/apache.backup*
/home/cpeasyapache (actual name may vary depending on cpanel version)


6) Clean up Yum files
yum clean all

Re-Installing Auxiliary cPanel Software

Re-Installing Auxiliary cPanel Software

Cpanel has a lot of supporting software that you may be using on your server. In case something goes amiss, here is a list of scripts that reinstall cpanel-provided software on your system. For most all of these, you can pass a –force as an argument to force a reinstall of the application.

cPanel
/scripts/upcp

MySQL
/scripts/mysqlup

PostgreSQL
/scripts/installpostgres

Roundcube
/usr/local/cpanel/bin/update-roundcube

Horde
/usr/local/cpanel/bin/update-horde

Squirrelmail
/usr/local/cpanel/bin/update-squirrelmail

phpMyAdmin
/usr/local/cpanel/bin/updatephpmyadmin

pureFTP
/scripts/ftpup –force (See: Installing and Configuring pure-FTP)

Exim
/scripts/eximup

Courier IMAP
/scripts/courierup –force (See: Installing/Configuring Courier IMAP)

Dovecot
/scripts/dovecotup –force (See: Installing and Configuring Dovecot)

cpAddons
/scripts/cpaddonsup

NSD/BIND
/scripts/setupnameserver (NSD:/scripts/nsdup)

Apache/PHP
/scripts/easyapache (See: EasyApache)

suPHP
/scripts/suphpup

cPanel Internal PHP
/scripts/makecpphp

FrontPage Extensions
/scripts/fpupgrade

Mailman
/scripts/reinstallmailman (will not remove list data)

cpHulkd
/usr/local/cpanel/bin/hulkdsetup

Ruby
/scripts/installruby