
New User Questions About Security

Discussion in 'Security' started by Amgeek, May 11, 2016.

  1. Amgeek

    Amgeek Member

    Joined:
    Nov 7, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi,

    Am trying to run a small VPS Cpanel Server. Learning as I go, little by little. I really need someone to "Look over my shoulder" (I can share my screen with you) and guide me along from time to time. I have a small budget so can pay some.

    Most of what I am finding are folks who want to do it all and/or are incapable of speaking (Skype, Google Hangout, whatever).

    My current host has been most helpful but I really need to find a good source. Eventually I would like to set up an Amazon server and will need help with that as well.

    I frequently see posts here in the forum that say something like "if you can't figure it out - hire one of us"

    Any ideas of who might do this.

    Thanks

    Ed
     
  2. cPTerrance

    cPTerrance *nix Technical Analyst II / Migrations Specialist
    Staff Member

    Joined:
    Jul 9, 2015
    Messages:
    72
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Hello,

    There are companies that provide help such as this. You can utilize System Administration Services to get a list of system administration companies. If you have any cPanel-specific questions or need an installation done, feel free to submit a free support ticket at cPanel Customer Portal.
     
    Infopro likes this.
  3. webhostuk

    webhostuk Well-Known Member

    Joined:
    Sep 11, 2013
    Messages:
    54
    Likes Received:
    6
    Trophy Points:
    8
    cPanel Access Level:
    Website Owner
    Google is one resource to search for, if you wish to learn things by yourself or go for managed hosting where the hosting company can manage things for you.
     
  4. Amgeek

    Thank you both. Did not know about the cPanel Customer Portal. Have been to System Administration Services but that seems to have been closed and the listings there are getting old. Tried to reach a couple of them before I started this thread. And, yes, I do look things up on Google and have asked several questions here. Have also gone without satisfactory answers - probably don't know enough to recognize the correct answer :) So...

    The offer stands. I need to spend a little time, from time to time, in a Google Hang out or similar situation, to really talk with someone about, what are probably fairly simple, basic terms and procedures.

    Thanks again.
    Amgeek
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,447
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Job offers / soliciting services is no longer permitted on these forums. You might want to post over on a forum like webhostingtalk if you're looking to hire someone. The System Administration Services is closed to replies, but it is kept up to date.

    IMHO, you don't need anyone looking over your shoulder that you have to pay, you're using cPanel! Spend some time with the documentation, read posts on this and other forums, don't go crazy trying out things you don't need on your server etc. You'll be fine.
     
  6. Amgeek

    Thanks, Infopro, for the forum info and I appreciate your confidence that I can do this. So far I have been able to figure most of it out and do try to keep it as simple as I can. There are things that I think I should be able to understand that I just don't and might not even know where to start. For instance:

    Here is a question I have been wrestling with for several months. The following line of code(?)/Script(?)Command Line(?) was given to me by the provider of my VPS to help track down and remove a hack/attack. I am trying to 1) understand the results of running this (reading the output), (2) understanding how each line relates to what I find in Cpanel/WHM, (3) understanding what each of the commands and modifiers in that line does and what it is looking for.

    root@server2 [~]# grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n


    1 /home/barnat2/public_html/photonfullwp
    9 /root
    10
    177 /
    1683 /etc/csf

    I need to break down this line to understand what it does and why so I can work on interpreting the output.

    So far this is as far as I have gotten and I am not sure if what I have is correct.

    • Grep : Grep searches.
    • Cwd : Comment when done
    • /var/log/exim_mainlog : this is the file that grep will search and comment on when done
    • | : separates commands
    • Grep
    • -v: (--invert-match) option?
    • var/spool : another file being searched ?
    Getting ready to display results?
    • AWK: an interpreted programming language designed for text processing
    • -f: indicates the file containing the instruction? (what instruction?)
    • -F: Command line option Input field ?????
    Really stuck.

    Pretty lost- right?
     
  7. Infopro

    That command can be used for seeing where emails are coming from. You can google for:
    grep commands cheat sheet

    And find lots of tutorials on how to use grep. Here's only one result:
    techrepublic.com/article/download-our-unix-command-cheat-sheets/

    You've got a more immediate problem then it sounds like to me.

    Your firewall has sent over 1683 emails it seems. Are you getting those emails? CSF/LFD emails can be very helpful.

    What problem are you actually having? An account is sending out spam from your server, the server has been compromised?
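
Added example (not part of any post in this thread): the pipeline from the thread wrapped as a shell function with a comment on each stage, run over constructed `exim_mainlog`-style lines. The function names, the sample lines and the optional date argument are assumptions added here; the date filter goes beyond the thread and gives a per-day count without clearing the log.

```shell
#!/bin/sh
# Constructed sample of exim_mainlog lines (not taken from the thread's server).
sample_log() {
cat <<'EOF'
2016-05-17 23:58:02 cwd=/etc/csf 4 args: /usr/sbin/sendmail -t -i
2016-05-18 07:07:50 cwd=/etc/csf 4 args: /usr/sbin/sendmail -t -i
2016-05-18 07:07:51 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1b2xYz-0001Ab-Cd
2016-05-18 07:09:10 cwd=/home/exampleuser/public_html/blog 3 args: /usr/sbin/sendmail -t -i
2016-05-18 07:10:00 1b2xYz-0001Ab-Cd <= info@cwdesign.example U=exampleuser P=local S=812
2016-05-18 07:12:44 cwd=/etc/csf 4 args: /usr/sbin/sendmail -t -i
2016-05-18 07:15:03 cwd=/root 2 args: /usr/sbin/sendmail -t
EOF
}

# count_cwd [DATE]: the thread's pipeline, reading the log from stdin.
# The optional DATE prefix (YYYY-MM-DD) is an addition that limits the
# count to one day; with no argument every line is counted.
count_cwd() {
    grep "^${1:-}" |              # keep lines starting with DATE (all lines if empty)
    grep cwd |                    # keep lines containing the text "cwd"
    grep -v /var/spool |          # -v inverts the match: drop lines mentioning /var/spool
    awk -F"cwd=" '{print $2}' |   # -F sets the field separator; $2 is what follows "cwd="
    awk '{print $1}' |            # first whitespace-separated word is the directory
    sort |                        # put identical directories next to each other
    uniq -c |                     # collapse duplicates, prefixing each with its count
    sort -n                       # order by count, busiest directory last
}

# Per-directory counts for one day of the constructed sample.
sample_log | count_cwd 2016-05-18
```

The output line with a count but no directory comes from the sample entry that contains the letters "cwd" inside an address but has no `cwd=` field, which is one way a blank path can appear in this report.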
     
  8. Amgeek

    Thanks for the keyword "cheat sheets" (had been working "tutorials"). FYI the techrepublic.com sheet is gone. Working my way through some of the others and some look pretty good.

    How would I have known that ..."1683 /etc/csf" means the firewall (csf?) is sending spam notices? I have not gotten any emails like that. Will research CSF/LFD this weekend.


    Current problem WAS (false confidence?) an account was spamming. I think their email password had been compromised. I changed it and they are no longer getting "over quota" bounce backs. Running the command again shows about 300 additional (1683 to 1953). Would like to clear that info to get a fresh count but don't know how.

    If that is fixed then I want to understand the rest of the report and the command better.
     
  9. Amgeek

    Am I on hold or forgotten?

    Still trying to interpret:
    root@server2 [~]# grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
    2 /
    4 /root
    643 /etc/csf

    It is different than when we started (last week). Does it still look like I have trouble?
     
  10. Infopro

    643 emails in a week from your firewall is quite a bit. Have you gotten/read any of them?
     
  11. Amgeek

    Thanks for three good pieces of info. 1. Information in the report covers the past week (?) and 2 the line 643 /etc/csf is the number of emails the firewall has sent someone(?) and 3. apparently not me. I have not seen any of them. So.....

    I have looked at the firewall configuration again and don't see where those numbers come from or where the emails are going. Where would I find and change that?
     
  12. Infopro

    Normally, emails from CSF\LFD are sent to root. All root email should be forwarded to an off-server email address. You can check to make sure you've got server contacts set up properly, here:
    WHM »Server Contacts »Edit System Mail Preferences

    Assuming that's set up properly, you might check to see if emails are being delivered to that email address where root email is forwarded to, using this tool:
    Home »Email »Mail Delivery Reports
     
  13. Amgeek

    Looks like all mail from root@server…… is sent to root@server…….

    In Edit System Mail Preferences there are three options:


    Forward Mail for “Cpanel” to: currently blank

    Forward mail “Nobody” to : root

    Forward mail for “root” to: nobody


    I will change all of those to my email address and see what happens.

    Any precautions I should take?
     
  14. Infopro

    Be sure you don't use a Gmail account. You could, but if too much email is forwarded to your Gmail account you may get rate limited or even blocked.

    And then get ready for a flood of email I suspect.
     
  15. Amgeek

    Getting a trickle. Only 4 overnight. My two sign ins, one looks like a Cpanel automatic update probably happened and the other, I am guessing, is a blocked ftp attack on one of the accounts on the server.

    Code:
    Time: Wed May 18 07:07:50 2016 -0400
    
    IP: 58.20.241.75 (CN/China/-)
    Failures: 10 (ftpd)
    Interval: 3600 seconds
    Blocked: Permanent Block
    
    May 18 07:06:34 server2 pure-ftpd: (?@ 58.20.241.75) [WARNING] Authentication failed for user [anaccountontheserver.com]
    
    
    But there were probably more? I ran that “Grep” command and got:

    3 /
    5 /root
    941 /etc/csf

    I think the results say there were about 300 sent since the last reading (above/about 24 hours ago)? Am I missing something?
     
    #15 Amgeek, May 18, 2016
    Last edited by a moderator: May 18, 2016
  16. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    651
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    This suggests emails sent out by your firewall. You can access your CSF interface in Web Host Manager to view your firewall logs and notification settings to see what's triggering the alerts.

    Thank you.
     