EasyApache4 and CSF

If you upgrade from EasyApache 3 to EasyApache4 and you run CSF (ConfigServer Firewall), you’re going to need to make some changes to your CSF configuration because the Apache logs have been moved to a different directory. If you don’t make these changes, CSF will not be able to monitor your system effectively. As far […]

Chkrootkit output passwd infected

If you’re seeing output from your chkrootkit that says something like: Checking `passwd'… INFECTED And maybe (at the bottom): INFECTED (PORTS: 465) There’s a good chance it’s a false positive, but you need to check. The way to check is to see if the md5sum of your current passwd file matches the one distributed by CPanel.

SSL for sites sharing an IP address: SNI+SSL

IPv4 addresses are in short supply, and one of the most common reasons people need additional IP addresses is to supply SSL to a site. However, it is now possible to add SSL certificates to individual domains that share an IP address via Server Name Indication (SNI). Some things need to be in place to […]

Find files that have recently been modified on a Linux system

To find recently modified files on a Linux system use: find . -mtime -2 -ls In the above example, the dot says to start at the current directory and look in that and all directories below it. The -2 tells it to search for files modified in the last two days. Something like this: find /home/nobby […]

IPSET for CPanel/WHM and CSF

If you use CSF (ConfigServer Firewall) on a CPanel/WHM system and you block a lot of IP addresses, performance can degrade on your server. One way to improve performance is to install IPSET and then plug that into CSF. It’s a simple two-step process: 1. In WHM, go to Software -> Install an RPM, wait […]

Can’t open /var/log/clamav/freshclam.log in append mode error

If you’re on a CPanel/WHM system and you start getting errors like: Can’t open /var/log/clamav/freshclam.log in append mode (check permissions!) … or … Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log) … from your cron.daily Anacron jobs (or any other weird sort of messages from the Clam Antivirus checker) it could be because you have two versions of […]

LFD spamd – suspicious process running under user cpanel

If you’ve installed the CSF firewall and its associated LFD process, you may be plagued with: suspicious process running under cpanel messages relating to spamd child. It will have something like /usr/local/cpanel/3rdparty/perl/514/bin/perl as the executable. In most cases this is a false-positive in terms of being a suspicious process and you could probably do without the emails cluttering up your […]