linuxavid

Here we can go throw , how server CPU loads can be troubleshooted. Figure out the root cause and solution ======================================================================== Sometime you may need to find out load in the VZ node where you have cPanel VPS Issue the below command to spot which VM is the culprit vzlist -o laverage,veid,hostname   check the result and log in to the VM vzctl enter VMID ======================================================================== Finding Load causing connections and users ============================== By default dcpumon runs every 5 min to log CPU usage ("top" output) and stores the data into /var/log/dcpumon # crontab -l | fgrep cpu */5 * * * * /usr/local/cpanel/bin/dcpumon >/dev/null 2>&1 # You can view the report with "dcpumonview" command: root@cpanel [~]# /usr/local/cpanel/bin/dcpumonview ----------------------------------------------------------- |User    |D

Now we can run the following command to see what scripts are located in that directory: ls -lahtr /userna5/public_html/data drwxr-xr-x 17 userna5 userna5 4.0K Jan 20 10:25 ../ -rw-r--r-- 1 userna5 userna5 5.6K Jan 20 11:27 mailer.php drwxr-xr-x 2 userna5 userna5 4.0K Jan 20 11:27 ./ grep "mailer.php" /home/userna5/access-logs/example.com | awk '{print $1}' | sort -n | uniq -c | sort -n Deny those IP ======================================================================== Locate email accounts being used to spam grep "A=courier_login" /var/log/exim_mainlog | sed -e 's#H=.* \[##' -e 's#\]:[0-9]*##' | awk '{print $5,$6}' | sort | uniq | awk '{print $1}' | uniq -c | awk '{ if ($1 > 1) print $0}' grep "A=courier_login" /var/log/exim_mainlog | sed -e 's#H=.* \[##' -e 's#\]:[0-9]*##' | awk '{print $5,$6}' | sort | uniq -c You can switch the mail se

1) pidof exim 2) Below command will show you the no of emails sent by particular domain: exim -bp | exiqsumm | more 3) exim -bpr | grep “<*@*>” | awk “{print $4}”|grep -v “<>” | sort | uniq -c | sort -n | less This will show you the maximum no of email currently in the mail queue have from or to the email address in the mail queue with exact figure. 4) exim -bpr | grep “<*@*>” | awk “{print $4}”|grep -v “<>” |awk -F “@” “{ print $2}” | sort | uniq -c | sort -n | less That will show you the maximum no of email currently in the mail queue have for the domain or from the domain with number. 5) Find the script which is sending the mass mails :- cd /var/spool/exim/input egrep “X-PHP-Script” * -R You can see the script there, if not seeing there just read the mail id file with your favorite test editor exim -bpr | grep “<*@*>” | awk ‘{print $4}’|grep -v “<>” |awk -F “@” ‘{ print $2}’ | sort | uniq -c | sort -n These list the current worki

# HOW TO CREATE A USER IN MYSQL mysql> CREATE USER 'wordpress_user'@'localhost' identified by 'password'; Query OK, 0 rows affected (0.00 sec) # CREATE A DATABASE mysql> CREATE DATABASE LINUXAVID; Query OK, 1 row affected (0.00 sec) # DROP/DELETE A DATABASE mysql> drop database LINUXAVID; Query OK, 0 rows affected (0.00 sec) #CHECK THE PROCESS LIST root@cpanel [~]# mysqladmin proc +-------+-----------+-----------+-----------+---------+------+-------+------------------+ | Id | User | Host | db | Command | Time | State | Info | +-------+-----------+-----------+-----------+---------+------+-------+------------------+ | 46457 | eximstats | localhost | eximstats | Sleep | 8564 | | | | 47181 | root | localhost | | Query | 0 | | show processlist | +-------+-----------+-----------+-----------+---------+------+-------+------------------+ #CHECK PROCESS LIST

mysqladmin command 1)Change MySQL root password mysqladmin -u root -ptmppassword password 'newpassword' 2) Check MySQL server is up or not mysqladmin -u root -p ping 3) Find MySQL server version mysqladmin -u root -ptmppassword version 4) Show the current MySQL servers status mysqladmin -u root -ptmppassword status 5) Find the values of status variables mysqladmin -u root -ptmppassword extended-status 6) Find the values of MySQL system variables mysqladmin -u root -ptmppassword variables 7) Show all the running process/queries in MySQL databases mysqladmin -u root -ptmppassword processlist 8) Create MySQL database mysqladmin -u root -ptmppassword create testdb 9) Delete database mysqladmin -u root -ptmppassword drop testdb 10) Shutdown the MySQL server mysqladmin -u root -ptmppassword shutdown 11) Kill MySQL client process mysqladmin -u root -ptmppassword kill 20 (20 is the process id with the process list) mysqlshow command 1) Show all the da

Here I have added an exception for our domain “yourdomain.com” on HotLink protection. The rules are given below: RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC] RewriteRule \.(jpg|jpeg|png|gif|img)$ – [NC,F,L]

We are going to install php module “iconv” : To search for the php module iconv in the module list installed in the server root@sysadmin[~]# php -m|grep iconv Installation ============= root@sysadmin [~]# cd /home/cpeasyapache/src/php-5.2.9/ext/ root@sysadmin [/home/cpeasyapache/src/php-5.2.9/ext]# cd iconv/ root@sysadmin [/home/cpeasyapache/src/php-5.2.9/ext/iconv]# phpize Configuring for: PHP Api Version: 20041225 Zend Module Api No: 20060613 Zend Extension Api No: 220060519 =============== The phpize command is used to prepare the build environment for a PHP extension. In the following sample, the sources for an extension are in a directory named extname: $ cd extname $ phpize $ ./configure $ make # make install ———————- After the installation needed to add the extension in the php.ini root@sysadmin [/usr/local/lib/php/extensions/no-debug-non-zts-20060613]# vi /usr/local/lib/php.ini root@sysadmin [/usr/local/lib/php/extensions/no-d

I have made the permission of chmod command to 000 for security ( as chmod 000 /bin/chmod), but now how can I recover it ? ================ 1) cd /bin cp -v tar chmod_new cp -v chmod chmod_new mv chmod_new chmod 2) Recover with rpm command [root@vps-1088274-8001 ~]# rpm -qf /bin/chmod coreutils-5.97-34.el5 [root@vps-1088274-8001 ~]# =================

You can try the following by editing the proftpd config file “/etc/proftp.include “  =============== IdentLookups off UseReverseDNS off Quotas on AllowStoreRestart on AllowRetrieveRestart on TimeoutNoTransfer 900 TimeoutIdle 1800 Also it is better to enable passive ftp ports on server. ================

We can do account transfer either through SSH or WHM, see what can be done in SSH as root ================ Take Backup(script.sh) for i in `cat /home/users.txt`; do /scripts/pkgacct $i; done To move backup scp cpmove-*.tar.gz root@IP(New server):/home/ passwd: rm -rf cpmove-* In new Server: restore Backup for i in `cat /home/user.txt`; do /scripts/restorepkg $i; done rm -rf cpmove-* ================ Lets make it more simple for i in `cat /home/user.txt`; do /scripts/pkgacct $i; scp /home/cpmove-$i.tar.gz root@192.40.115.35:/home/; ssh root@192.40.115.35 "/scripts/restorepkg /home/cpmove-$i.tar.gz"; done;  There are many pre and post migration check list which I will discuss soon!

You can issue the below commands to change the MYSQL root password #  /etc/init.d/mysqld stop  Start MYSQL server without password   #  mysqld_safe --skip-grant-tables & Connect MYSQL server using the following command # mysql -u root Then, you will get MYSQL prompt mysql> Then, we have to set up new MYSQL root Password mysql> use mysql; mysql> update user set password=PASSWORD(“newrootpassword”) where user=’root’; mysql> flush privileges; mysql> quit # /etc/init.d/mysqld stop  Then, connect to MYSQL database using new password # mysql -u root -p

You can find out the Apache webserver uptime by the below commands =========== httpd fullstatus | grep uptime -------------------------------------- ps -eo “%U %c %t”|grep httpd |grep -v grep|grep root =========== Run the below command to see how long the Mysql server is up =========== mysql> \s -------------- mysql  Ver 14.14 Distrib 5.5.36, for Linux (x86_64) using readline 5.1 Connection id:        1372917 Current database:    Current user:        root@localhost SSL:            Not in use Current pager:        stdout Using outfile:        '' Using delimiter:    ; Server version:        5.5.36-cll MySQL Community Server (GPL) Protocol version:    10 Connection:        Localhost via UNIX socket Server characterset:    latin1 Db     characterset:    latin1 Client characterset:    utf8 Conn.  characterset:    utf8 UNIX socket:        /var/lib/mysql/mysql.sock Uptime:            44 days 14 hours 19 min 25 sec Threads: 4  Questions: 77643069  Slow queries: 0  Opens: 110654  Fl

CPANEL: /usr/local/cpanel : Cpanel directory /usr/local/cpanel/3rdparty/ : tools like fantastico, mailman files are located here /usr/local/cpanel/addons/ : AdvancedGuestBook, phpBB etc /usr/local/cpanel/base/ : phpmyadmin, squirrelmail, skins, webmail etc /usr/local/cpanel/bin/ : cpanel binaries /usr/local/cpanel/cgi-sys/ : cgi files like cgiemail, formmail.cgi, formmail.pl etc /usr/local/cpanel/logs/ : cpanel access log and error log /usr/local/cpanel/whostmgr/ : whm related files WHM related files: /etc/httpd/conf/httpd.conf apache configuration file /etc/exim.conf mail server configuration file /etc/named.conf name server (named) configuration file /etc/proftpd.conf proftpd server configuration file /etc/pure-ftpd.conf pure-ftpd server configuration file /etc/valiases/domainname catchall and forwarders are set here /etc/vfilters/domainname email filters are set here /etc/userdomains all domains are listed here – addons, parked,subdomains along with their user