These days I am facing a weird problem with my wordpress websites on a linux shared host.
I had 6 WordPress websites on my Linux shared host service. As two of them were moved to a new server, I tried to cleanup some mess by deleting some of the cached, temp and log files from different folders such as .trash, .cache, tmp and so on. (I don't remember what files are deleted from which folders exactly).
After this cleaning, I can see the main page of the websites but all /wp-admin's are out of reach even if I install a fresh WP.
When I try to access wp-admin I'll get the following error,
and after that I can't see the main pages for a few hours! It seems that cPanel is blocking my IP for a while, because my domain.com/cpanel is also not working after I tried domain/wp-admin.
Unfortunately, the Mesrahosting host provider has a terrible service support and they are not replying my tickets nor Whatsapp messages.
Any idea to solve this problem would be appreciated.
First of all the tmp folder should exist in your cPanel account. If you deleted it you have to create it in /home/cpaneluserame/tmp and it needs to have cpaneluser:cpaneluser ownership and also 755 permissions. That would be a 1st step. Since you are unable to access cPanel then most probably your ip got blocked by the server's firewall or cPhulkd. In most cases the block is just temporary. If you keep trying then depending on the server's firewall configuration and the settings of cPhulkd (that comes with WHM) your blocking time might be increased gradually. Try accessing cPanel from another ip address (use a proxy or VPN service) and see if that works. When you are able to access cPanel be sure to create /tmp folder and then try again and see if that works. If your ip address is permanently blocked then your only chance to unblock it is to request that to your hoster's tech support team.
So if I were you, I would try accessing cPanel from another ip address.
Related
For the context : I'm a student and I must do a project with some other people of my class. My role is to prepare them a web server that each one can use and access from anywhere. I plan to host everything on a dedicated server that I already have to avoid additional cost and give to each people a subdomain that will be redirected with VirtualHosts. They will be able to send files to the server with a SFTP server (openssh), they will get an account per person and it will be chrooted to their virtualhost directory.
My main problem : Will this be secure ? I mean, if one of the user set an easy password or just do anything risky, can someone access the other's people virtualhost or even the host dedicated machine ? I already thought about .htaccess and they will be deactivated. Is there another way to get out of an apache virtualhost ?
Things to note : they will have apache, php and an access to a mysql (or maybe mariadb, I don't know for now) database. So, they may be able to upload some old, unsecure code. Some of these users are not very educated to cybersecurity.
The server is a Ubuntu 16.04 LTS.
Thanks for the advices,
If you limit their access to only their own home directory, that's a good start.
A good layer of security would also be to implement 2FA, check out Duo Mobile, you can implement it for SSH logins (or need more details, eg. what options do they have to login into the server?)
If the users are not very educated in cybersecurity as you mentioned, it will be difficult for them to escape the virtual host they have access to.
Although i need more details such as each virtual host will have a separate database or it will be talking to a central database? also, for a paranoid measure, consider where the server is hosted. There are lots of variables that can be affirmed from what you described, but it is best to keep the server on its own network with nothing critical in the same subnet. Just in case.
I have a slight problem bit of the back story. recently ive been trying to test out univention which is a linux distribution with the goal of being able to replace Microsoft active directory.
I tested it locally and all went reasonably well after a few minor issues i then decided to test it remotely as the company wants to allow remote users to access this so i used myhyve.com to host it and its now been setup successfully and works reasonably well.
however
my main problem is DNS based as when trying to connect to the domain the only way windows will recognize it is by editing the network adapter and setting ip v4 dns server address to the ip address of the server hosting the univention active directory replacement. although this does allow every thing to work its not ideal and dns look up on the internet are considerably longer. i was wondering if any one had any ideas or have done something similar and encountered this problems before and know a work around. i want to avoid setting up a vpn if possible.
after initially registering the computer on the domain i am able to remove the dns server address and just use a couple of amendments to the HOST file to keep it running but this still leads to having issues connecting to the domain controller sometimes and is not ideal. any ideas and suggestions would be greatly received.
.Michael
For the HOST entries, the most likely issue is, that there are several service records a computer in the domain needs. I'm not sure, whether these can be provided via the HOST file or not but you'll definitely have authentication issues if they are missing. To see the records your domain is using issue the following commands on the UCS system.
/usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
For the slow resolution of the DNS records there are several points where you could start looking. My first test would be whether or not you are using a forwarder for the web DNS requests and whether or not the forwarder is having a decent speed. To check if you are using one, type
ucr search dns/forwarder
If you get a valid IP for either of the UCR Variables, dns/forwarder1, dns/forwarder2 or dns/forwarder3, you are forwarding your DNS requests to a different Server. If all of them are empty or not valid IPs then your server is doing the resolution itself.
Not using a forwarder is often slow, as the DNS servers caching is optimized for the AD operations, like the round robin load balancing. Likewise a number of ISPs require you to use a forwarder to minimize the DNS traffic. You can simply define a forwarder using ucr, I use Google on IPv4 for the example
ucr set dns/forwarder1='8.8.8.8'
The other scenario might be a slow forwarder. To check it try to query the forwarder directly using the following command
dig univention.com #(ucr get dns/forwarder1)
If it takes long, then there is nothing the UCS server can do, you'll simply have to choose a different forwarder from the ucr command above.
If neither of the above helps, the next step would be to check whether there are error messages for the named daemon in the syslog file. Normally these come when you are trying to manually remove software or if the firewall configuration got changed.
Kevin
Sponsored post, as I work for Univention North America, Inc.
I re pointed my domain and it works for other people on both their PC and mobile, however when I try to load it on my local connection/wifi, it just loads a page with the words "OK." I suppose all I can do is wait, but not sure what the problem is.
When you say others, are they on the same network as you?
Have you tried flushing the DNS on your computer?
There may be a couple of factors at play, can we have a little more info.
If this is affecting all computers within your organisation it may be the site has the same name as the domain and the DNS server needs to be manually updated to point to an external website. It may also be that the DNS records has stale records, to manually delete these you have to open up DNS in the advanced view.
If it is just your PC and every other PC in the building can access is you may need to flush your DNS ( Windows Key + R, Type 'cmd' and then hit enter, then type ipconfig /flushdns and hit enter ).
Some routers keep an internal DNS cache, you can normally flush this by restarting the router.
Finally, there may just be a delay in the DNS records propogating globally, you can check the progress using tools like https://www.whatsmydns.net/
I uploaded a cakephp based application on new server. But, dns is not defined for that IP. When I try open website by IP address directly it shows Error 404. Can anyone please suggest me that how can I open website on browser?
Thanks
Most likely the webserver isn't configured to accept connections using the direct IP. If you're using a apache webserver, you should most likely change the virtual host. More information here: http://httpd.apache.org/docs/2.2/vhosts/
Nginx has a similar system which is explained here: http://httpd.apache.org/docs/2.2/vhosts/
Most web servers have some similar system. This makes it possible to host multiple websites with several DNS on one physical computer. If you can't access the configuration files yourself, you should contact your host.
I've installed a WordPress instance on a Linux server, and I need to give it FTP access in order to install plugins and execute automatic backup/restores. I've just installed vsftpd, and started the service, but now what?
How do I figure out/set what the username/pass is?
Should I allow anonymous access?
Is the hostname just 'localhost'?
Any advice would be appreciated. I've never messed with FTP on linux before. Thanks-
Your question is a little unclear because you don't specify what aspect of wordpress "wants" FTP access. If you got WP installed, you clearly have at least some access to the machine already. That said, I'll try to answer around that inclarity.
Your questions in order, then some general thoughts:
How do I figure out/set what the username/pass is?
Remember that the man page for a program is a good first stop. A good man page will also contain a FILES or "SEE ALSO" section near the bottom that will point you to relevant config files.
In this case, "man vsftpd" mentions /etc/vsftpd.conf, so you can then do "man vsftpd.conf" to get info on how to configure it.
VSFTPD is configurable, and can allow users to log in in several ways. In the man page, check out "guest_enable" and "guest_username", "local_enable" and "user_sub_token".
*The easiest route for your single user usage is probably configuring local_enable, then your username and password would be whatever it is in /etc/password.*
Should I allow anonymous access?
No. Since you're using this to admin your Wordpress, there's no reason anyone else should be using this FTP. VSFTPD has this off by default.
Is the hostname just 'localhost'?
Depends where you're coming from. 'localhost' maps back to the loopback, or the same physical machine you're on. So if you need to put ftp configuration information for Server A into a wordpress configuration file on Server A, then 'localhost' is perfectly acceptable. If you're trying to configure the pasv_addr_resolve/pasv_addr flag of VSFTPD, then no, you'll want to either pass in the fully qualified name of Server A (serverA.mydomain.com), or leave it off an rely on the IP address.
EDIT: I actually forgot the critical disclaimer to never send credentials over plain FTP. Plain old FTP (meaning not SFTP) sends your username and password in cleartext. I didn't install VSFTP and play with it, but you'll want to make sure that there is some form of encryption happening when you connect. Try hitting it with WinSCP (from windows) or sftp (from linux) to make sure you're getting an ecrypted SFTP, rather than plaintext FTP.
Apologies if you already knew that ;)
You would probably get better answers on server fault.
That said:
vsftp should use your local users by default, and drop you in that user's home directory on login.
disable anonymous access if you don't need it, I don't think wordpress will care but your server will be safer.
yes, or 127.0.0.1, or your public IP if you think you might split the front and back end some day.
WordPress does not natively support SFTP. You can get around this two ways:
chmod permissions in the appropriate directories to allow the normal, automatic update to work correctly. This is the approach most certain to work, as long as it doesn't trip over any local security policies.
Try hacking it in yourself. There have been any number of threads on this at the WordPress.org forums. Here is a recent one which is also talking about non-standard ports. Here is an article about how to try to get it working on Debian Lenny (which also addresses the non-standard port issue).