Cpanel – Globally disabling the Email Catch-All feature

Spammers love nothing more than launching dictionary attacks on unsuspecting domains using the ‘catch-all’ feature.  This causes multiple problems — the main issues are excessive server load, disk usage, and spam volume.  The worse issue is that once spammers catch on to the fact your domain has a catch-all, they will launch spam campaigns with your domain as the sending domain and all of their backscatter will flood your inbox with legitimate bounces.  If you haven’t been the target of backscatter, keep it that way and disable your catch-all!

The following how-to explains how to manually disable the catch-all on every site.  Since there is no way to prevent a user from re-enabling the catch-all in their Cpanel account, you might consider setting this up to run via Cron every hour or so.

First, back up the virtual aliases:

mkdir /etc/valiasesbackup
cp -p /etc/valiases/* /etc/valiasesbackup

Then, check which sites have a catch-all enabled:

grep '*:' /etc/valiases/* | egrep -v ':fail:'

Disable the catch-all on any site(s) with catch-all enabled. After you do this, run the previous command again to make sure it worked — if it does, it shouldn’t return anything.

sed -i 's/^\*: [^ ]*$/*: :fail: ADDRESS DOES NOT EXIST/g' /etc/valiases/*

If something goes horribly wrong, you can restore the backup you just made:

cp -p –reply=yes /etc/valiasesbackup/* /etc/valiases

Enjoy

Categories: Linux. Comments Off on Cpanel – Globally disabling the Email Catch-All feature

Cpanel / SuPHP Part 2 – Fix Ownership Issues

In addition to the correct chmod of files and folders (see part 1), you must ensure that all public_html files and folders have the correct (user and group) ownership.  The following Perl code will eliminate nobody/root ownership.  Place the Perl script into your /home directory and execute it.

#!/usr/bin/perl -w

my @dirs = grep -d,<*>;

foreach my $user (@dirs) {
`chown -R $user:$user $user/public_html/*`;
}

MySQL: How To Repair & Optimize All Tables in All Databases

The following command can be used to repair and optimize all tables in a MySQL database.  This can be useful on a busy server with many tables after a hard reboot or otherwise unclean shutdown.

mysqlcheck -u root -p --auto-repair --optimize --all-databases

Cpanel / SuPHP – chmod All Files 644, All folders 755

When switching from DSO to SUPHP in cpanel (a must for anyone who takes security seriously on a public webserver), one must pay careful attention to the insecure permissions of user’s public_html folders.  The following commands will look in every user’s html folder and make the appropriate CHMOD to allow php to properly execute under SUPHP.  Don’t forget to also check for files owned by ‘nobody’ or ‘root’ — they will also fail with a 500 error.

find /home/*/public_html/ -type d -print0 | xargs -0 chmod 0755 # For directories
find /home/*/public_html/ -type f -not -name "*.pl" -not -name "*.cgi" -not -name "*.sh" -print0 | xargs -0 chmod 0644 # For files
find /home/*/public_html/ -type f -name "*.cgi" -print0 -o -name "*.pl" -print0 -o -name "*.sh" -print0 | xargs -0 chmod 0755 # For CGI/Scripts

UPDATE: Part 2 – Fixing Ownership

UPDATE: File permission command updated to exclude Perl/CGI. These still need to be 755 (not 644).

UPDATE: Exclude files in 644, add another for scripts/cgi. These still need to be 755 (not 644).

Creating a .tar.gz archive (*nix ‘tarball’)

The following command can be used to create a .tar.gz archive, commonly referred to as a ‘tarball’ file.

tar -pczf name_of_your_archive.tar.gz file1 file2 directory1 directory2 ect...

Categories: Linux. Comments Off on Creating a .tar.gz archive (*nix ‘tarball’)

Cpanel/Exim with external spam filtering appliances

We have a unique setup at my work.  All of the webhosting appliances have built in spam-filtering software.  However, we have external spam-filtering appliances that are 99% more effective.  It makes sense to keep CPU intensive spam filtering off of the webhosting servers which should be focusing their efforts on serving up PHP and MySQL queries.

It seems spammers are getting more and more savvy (or should I say desperate?) and have developed several means to bypass spam-filters.  One of those which seems to be getting more popular lately, is to completely ignore a domain’s MX records and deliver spam directly to the website’s IP address.  For most virtual hosting and some dedicated hosting setups using an external or 3rd party spam-filtering service, this can be quite effective.  Lately it has been plaguiing several of our clients who are reporting an increase in spam, but cannot find copies of it in the spam filter interface.

To make a long story short, I was able to coerce Exim into rejecting these direct delivery attempts.

Log into WHM and click “Exim Configuration Editor”

Then click “Advanced Editor”

Add the following to the empty box at the top:

domainlist relay_domains = lsearch;/etc/secondarymx

Now we need to tell Exim to be nice to our spam-filtering appliances (don’t reject the clean mail coming in from them) by adding a list of their IPs in to /etc/alwaysrelay.

Restart Exim, done!