SFTP: Command failed

If you try to connect via SFTP with some FTP/SFTP client and you are getting error “Command failed”, you’re sftp-server path in sshd_conf is wrong.

Open your sshd_config file and edit sftp-server path accordingly to your OS.


Subsystem sftp  /usr/lib/openssh/sftp-server


Subsystem sftp /usr/libexec/openssh/sftp-server

Restart your ssh and it should work.

Linux: restore all system permissions of your server

If you ever found your self in situation when you accidentally overwrite all permissions of your system, and everything stops working, then solution bellow may do the trick. This CentOS server was overwritten by wrong permissions through the whole system. Quick solution is to set up right permissions back. If you have backup of server that’s great. Otherwise you’ll have to set up new server with similar installation or do this on some other server with similar installation.

On “new” server, copy permissions of the whole system and save it to a file. You can also exclude dirs that you don’t need also.

find / -not -path "/proc*" -not -path "/dev*" -not -path "/sys*" -not -path "/var/www*" -exec stat -c "chmod %a %n;" {} \; > permissions.txt

On your “broken” server, rewrite all permissions:

cat permissions.txt | bash

RoundCube: Could not save new password. Connection error. Recv failure: Connection reset by peer

If you’re having trouble when try to change your email password in Roundcube on your Directadmin installation, than error will be probably something like this:

Could not save new password. Connection error. Recv failure: Connection reset by peer

Solution is simple. Just open Roundcube configuration file (/var/www/html/roundcube/plugins/password/config.inc.php) and find:

$rcmail_config['password_directadmin_host'] = 'tls://localhost';

then, change it to:

$rcmail_config['password_directadmin_host'] = 'ssl://localhost';

It should work.

Create and password protect/encrypt zip archive from command line / stored 0% message

When sending zip archives that contains risky/secure content, you should always encrypt and password protect them. Especially when sending them to clients via email, Dropbox or some other public sharing method. To do that on Linux is very simple. You can do it with commands bellow. When executed you’ll be prompted to enter password.

When adding file, just do this:

zip --encrypt myarchive.zip myfile.txt

But when adding directory with subdirectorys and files, than you should always include “-r” flag to tell zip to use recursion. Otherwise you’ll end up with empty directory and see message like this “adding: behaviour.exchange/ (stored 0%)”

To add directory recursively:

zip --encrypt -r myarchive.zip mydir/


YUM: Error: Network error: Connection reset by peer

If you get this error message when trying to install packages via yum package manager, than just execute command bellow and it should fix your problem.

yum clean expire-cache

Update all php extensions at once with YUM

With YUM, upgrading php is simple as “yum install php”. This will install latest php version on your machine. But if you have multi different php modules that aren’t part of php package (eg. gd, mysqli …), than you can use this simple one liner and install all those modules at once.

Just run this as root:

php -m | grep -v "Modules" | while read i; do yum install php-$i -y; done

This will check for all currently installed php packages and will try to upgrade them.

Magento – lock administration to specific country

Brute force attacks on Magenta administration are also very common issue, like with WordPress, well maybe a little less :). If you can’t lock your administrations on specific fixed IP addresses, than you can probably lock administration so that is accessible only from your country. Russia and China for example, are countries from which those kind of attacks are very common. So it is good idea to block them.

For this example, I’m doing this on Apache 2.4 with GeoIP module installed. Before you proceed, you should have installed geoip.

To have Magento administration accessible only from Germany (for example), add code bellow to your apache vhost configuration. This geoip was installed on CentOS 7, you should change path to GeoIP.dat accordingly to your installation. You should also change country code to the one that you want access from.

GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/(index.php/)?admin/? [NC]
RewriteRule .* - [R=403,L]

Directadmin/Letsencrypt – Domain does not exist on the system. Unable to find your.hostname.com in /etc/virtual/domainowners

A few days ago I was doing complete migration of old Directadmin server to new Directadmin server which had different hostname. Everything went well but I was unable to register Letsencrypt SSL certificate for new server hostname.

I was getting error like this:

[root@myserver scripts]# ./letsencrypt.sh request my.server.com 4096
Domain does not exist on the system. Unable to find my.server.com in /etc/virtual/domainowners. Exiting...
no valid domain found - exiting

First thing I did is I add new hostname as domain to user admin. Certificate was indeed registered than, but not as server hostname (/usr/local/directadmin/conf/cacert.pem). I deleted domain than.

After a little search I found out that I forgot to change servername variable in directadmin.conf. So I changed it, restart directadmin but I was getting the same error. At the end I found out that the easiest way to fix this is to change hostname in Directadmin administration.

  1. Go to Directadmin as admin user and navigate to Administrator Settings, then set some temporary hostname in Server’s Hostname. Let’s say my.server2.com.
  2. Wait until cron will make changes – you should see new hostname in Administrator Settings when refreshing page.
  3. Go in Administrator Settings again and change Server’s Hostname to your old hostname – my.server.com.
  4. Run letsencrypt.sh again.

This time, certificate was registered successfully.

[root@myserver scripts]# ./letsencrypt.sh request my.server.com 4096
Setting up certificate for a hostname: my.server.com
Generating 4096 bit RSA key for let's encrypt account...
openssl genrsa 4096 > "/usr/local/directadmin/conf/letsencrypt.key"
Generating RSA private key, 4096 bit long modulus

malware acl condition: clamd: unable to send file body to socket (

If you see error like this in your mail logs, than chances are that your ClamAV is not able to process attachments files larger than limit set in clamav configuration. In this case, sender which sent email with larger attachment to your server, will get something like this in respond:

[] #<[] #5.0.0 smtp; 5.4.7 - Delivery expired (message too old) [Default] 451-'Temporary local problem - please try later' (delivery attempts: 75)> #SMTP#

In your mail log you’ll see something like this:

+++ 1e248B-000NMy-T6 has not completed +++
1969-08-15 01:40:21 1e248B-000NMy-T6 malware acl condition: clamd : unable to send file body to socket (
1969-08-25 01:40:21 1e248B-000NMy-T6 H=some.hostname.com [] X=TLSv1:RC4-SHA:128 CV=no F=<prvs=449d2f142=senders@email.com> temporarily rejected after DATA

To solve this, open your clamav.conf file (/etc/clamav.conf or find your location) and change value for StreamMaxLength according to your needs. Default value is 25M.

Don’t forget to restart your ClamAV.

Block bad bots on cPanel globally with Apache

A lot of traffic from bad bots, crawling your sites can cause problems such as high server load and unstable server. You should use mod_security on cPanel servers that should do the job, but if you want to block specific bots globally, on apache level, then bellow solution is for you. This syntax is for Apache version 2.4.

On cPanel servers you can’t just edit httpd.conf file, it will be rewrited. You can edit it through whm easily. Just login on your cpanel -> Apache Configuration -> Include Editor -> go to “Pre Main Include” -> select your apache version (or all versions) -> then insert code bellow and click Update and then restart apache.

In Directory section, you should specify right path to location where websites are. On cpanel servers this is /home by default.

Here is my example:

<Directory "/home">
   SetEnvIfNoCase User-Agent "MJ12bot" bad_bots
   SetEnvIfNoCase User-Agent "AhrefsBot" bad_bots
   SetEnvIfNoCase User-Agent "SemrushBot" bad_bots
   SetEnvIfNoCase User-Agent "Baiduspider" bad_bots
     Require all granted
     Require not env bad_bots

© 2018 geegkytuts.net
Hosted by Hosterdam

About author