Directadmin – find all email forwarders on server for specific email account

Here is simple one liner for finding all mail aliases on Directadmin server that are forwarding to your email account – in this example your@email.com. All aliases are saved in files /etc/virtual/<domain_name>/aliases.

[root@directadmin ~]# grep -ri "your@email.com" /etc/virtual/*/aliases | awk -F '/|:' {'print $4 ": " $6 " ->" $7'}
email.com: alias1 -> your@email.com
somedomain.net: sales -> your@email.com,mail2@somedomain.net
anotherdomain.com: chacha -> myaddress@anotherdomain.com,this@email.com,your@email.com
.
.
.

Bulk TTL change in Directadmin

You may want to change TTL values for all domains and their DNS records on your Directadmin server. This can be done very easily. Here is how.

  • Go to templates directory.
    cd /usr/local/directadmin/data/templates
  • Directadmin’s default TTL value is 14400, so let’s say we want to change it to 300. You will have to edit template file named.db.
    sed -ie 's/14400/300/g' named.db
  • Rewrite all configuration files for each user
    echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue

Wait a minute or two, then check if user configs were rewrited with new values. Go to /etc/namedb and than open .db file of some domain. It should contain new TTL value.

Directadmin – install Letsencrypt SSL certificate on server hostname

Letsencrypt is a revolutionary step forward on web security. Free, valid SSL certificates for everyone. I won’t write about how to install and config letsencrypt on Directadmin machine. I will show only how to generate and install letsencrypt certificate on your Directadmin hostname.

When you installed Letsencrypt on Directadmin and tried to install certificate for your server hostname, there is a possibility that you came to this problem: HTTP/1.1 400 Bad Request

Just do this:

cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt

And than install certificate on your server hostname:

/usr/local/directadmin/scripts/letsencrypt.sh request my.serverhostname.com 4096

Open your Directadmin configuration file and change

SSL=0 to SSL=1

Also add this:

carootcert=/usr/local/directadmin/conf/carootcert.pem

Restart your Directadmin and you should be set.

Directadmin – block zip attachments with ClamAV and Exim

A lot of viruses and malware is sent in emails with zip attachments. Sometimes your antivirus like ClamAV wont catch nasty email. This is a big problem when you receiving tons of this kind of messages. So if you’re receiving tons of nasty emails containing zip attachments with viruses in it, good way to solve this is by simply reject emails with zip attachments. This was done on Directadmin server with Custombuild 2.0. Even if you’re not using Directadmin, configuration for ClamAV should be very identical.

  • If you built Exim and Clamav with Custombuild 2.0, than you should see this line in your /etc/exim.conf. Uncomment if it’s not already. If you’re using Custombuild 1.2, then this should be changed in /etc/exim.conf directly – settings in step 2 bellow.
    .include_if_exists /etc/exim.clamav.conf
  • Open file /etc/exim.clamav.conf and find word demime within that file. Then simply add zip to it. It should look like this:
    #1.0
    deny message = This message contains malformed MIME ($demime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}
    deny message = This message contains a virus or other harmful content ($malware_name)
    demime = *
    malware = *
    deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
    demime = bat:com:pif:prf:scr:vbs:zip
    warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

Now any email with zip attachment will be rejected. Sender will receive error message like this:

The error that the other server returned was: 
550 This message contains an attachment of a type which we do not accept (.zip)

Directadmin – enable and configure Spamassassin automatically on creating user

By default, when you add new user in Directadmin, Spamassassin is disabled. Some users are not aware about Spamassassin, so they’ll have it disabled and will receiving a lot of spam. It is good practice to enable Spamassassin by default and also set some settings. You can do that by adding below code in your /usr/local/directadmin/scripts/custom/user_create_post.sh script. The first step is well described on Directadmin documentation. But you may also want to define some parameters for Spamassassin when user is created. It’s really simple. You can do that by manipulating filter.conf file. Steps below are preformed on Directadmin running on FreeBSD. It should be the same for Linux also.

Continue Reading

Install PHP extension on Directadmin – fast and easy way (without custombuild)

Directadmin is pretty good, lightweight, control panel for providing web hosting service or to host your own websites/projects, managing mail … Through the years, I recompiled PHP with custombuild countless times. Problem is, that every time that you want to install some new PHP extension – exif, in this example – you’ll have to rebuild whole PHP with Directadmin’s custombuild also. That can be very annoying and time-consuming. Expesialy when things go wrong. So, there is simple way on how to quickly install PHP extensions without using custombuild. I used this way many times. In this case, installation was done on CentOS 7.2 server with Directadmin and PHP version 5.6.23.

I hope this was helpful to you in any way.

Continue Reading

Directadmin – install cloudflare module (mod_cloudflare) on apache 2.4

Be careful that you’ll download proper package from cloudflare repository. In my case, I’m using Apache 2.4 on Directadmin installation. At first, I downloaded wrong version of mod_cloudflare.c and was constantly getting errors while trying to build module.

Download mod_cloudflare

wget https://www.cloudflare.com/static/misc/mod_cloudflare/mod_cloudflare.c

Install mod_cloudflare using apxs

apxs -a -i -c mod_cloudflare.c

Check if module was installed into Apache

[root@server ~]# httpd -M | grep cloud
cloudflare_module (shared)

Scan your cPanel/Directadmin for excessive files

When dealing with cPanel/Directadmin that contains a lot of users, you need some control of what those users are uploading. Web hosting accounts should be used just for that, hosting websites, and not as data storage – in most cases. Sometimes you even offer packets with unlimited disk capacity but you don’t want that users are storing movies and all kind of other unnecessary files that don’t belong on web hosting account. From web hosting perspective, in most cases, any single file that exceeds 100M is usually not part of website and is just laying there, wasting your precious disk space. In cases like this, account is used as backup service. You’ll be able to find all kind of files. Movies, music, applications, archives …

So you may want to have some reports on regular basis that gives you list of all files that exceed some maximum allowed file size limit – defined by you. Personaly, I scan on interval of 7 days for all files that exceed size of 300M. I created a simple script that will do just that. It will check your /home directory for all files that exceed size that you defined. At the end, report will be sent to your email. You can also scan other directory beside /home if you wish.

Continue Reading

Directadmin and wrong JPEG library version – FreeBSD

I came across this error a few times on DirectAdmin installations. I first noticed this error when I installed Nextgen Gallery plugin on some WordPress installation. When I tried to upload some pictures, php should resize them and create thumbnails, but instead of thumbnails I’ll get error about JPEG library (checked in error log). Below is procedure on how to fix that error. At least it worked for me. This Directaadmin was installed on FreeBSD 9.1.

  • Login as root
  • Update ports
[root@lala ~]# portsnap fetch update
  • Delete currently installed JPEG library
[root@lala ~]# pkg_info | grep jpeg
[root@lala ~]# pkg_delete jpeg
  • Install jpeg library with custombuild
  • Edit your configuration script for php in custombuild. Add or edit values as bellow. Notice that path is not /usr/local/lib anymore.
–with-gd \
–with-jpeg-dir=/usr/local \
  • Rebuild PHP with custombuild
[root@lala ~]# cd /usr/local/directadmin/custombuild
[root@lala /usr/local/directadmin/custombuild]# ./build php n
  • When build is complete, restart Apache and try it again. It should work.
[root@lala ~]# /usr/local/etc/rc.d/httpd restart

 

Find CryptoPHP hacks on your server / False php scripts

CryptoPHP is nasty little shit! A while ago I had a problem with spam on one of our hosting servers. When we ended on several RBL lists, one of them stated that there is a possible way that our machine is infected with CryptoPHP. Hacked files can be very hard to find. PHP code was hidden in false .png files! This pngs were then included in some legit php files, like index.php. So every time index.php was loaded, hacked code inside included png file was loaded too.

Here is how you can find if there are false png files on your system. Just scan your directory with this line:

find -L /path/to/dir/ -type f -name "*.png" -exec file {} + | grep PHP

You could also scan your system for other types of files. Just replace *.png with something elese, for example *.jpg.

Output for legit files will look something like this:

./wp-includes/js/tinymce/skins/wordpress/images/more-2x.png:    PNG image data, 3800 x 40, 4-bit colormap, non-interlaced

Output for script that pretends to be regular PNG file – hacks – will look something like this:

./test.png:   PHP script, ASCII text

© 2017 geegkytuts.net
Hosted by Hosterdam


About author