The perl module Encode::Detect::Detector could not be installed

Change the current cPanel version to stable:

vi /etc/cpupdate.conf
CPANEL=stable

/scripts/upcp --force

/scripts/perlinstaller --force Encode::Detect::Detector

If that doesn’t work, please try

/scripts/autorepair encodedetectfix

No luck? Then do:

Type cpan and, at the cpan prompt, type the following:

install Detect::Module

If none of the above solutions worked, there is a temporary workaround: a manual install.

wget http://search.cpan.org/CPAN/authors/…ct-1.00.tar.gz
unpack it
perl Makefile.PL
vi Detector.xs

Add this patch to Detector.xs

*** 38,43 ****
#define PERL_NO_GET_CONTEXT /* we want efficiency */
#include .EXTERN.h.
#include .perl.h.
+ #undef HASATTRIBUTE_UNUSED
#include .XSUB.h.
}
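Review bot: the added "#undef HASATTRIBUTE_UNUSED" line, placed just before the XSUB.h include, carries no comment saying which compile error it works around or which Perl and compiler versions need it. Add a one-line comment naming the error, and if only some Perl versions are affected, guard the line with a version check so other builds keep the attribute. The three include lines are also shown with dots where the header-name delimiters belong (for example "#include .perl.h."), so the hunk will not apply as pasted; regenerate it from the real Detector.xs before use.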

Then run Build, make etc.


Track Spammers in Plesk

Install qmhandle-1.3.2 from:

http://downloads.sourceforge.net/sourceforge/qmhandle/qmhandle-1.3.2.tar.gz?use_mirror=nchc

cd qmhandle-1.3.2
./qmHandle -s
shows the stats of mails.

To view the mails in queue, please do

# /var/qmail/bin/qmail-qstat
messages in queue: 758
messages in queue but not yet preprocessed: 0

Let’s examine the queue with qmail-qread. A bunch of strange email addresses in the recipient list usually means spam.

# /var/qmail/bin/qmail-qread

Examine the content of the emails in the queue using vi or cat. First find the message’s id using qmail-qread, then find the file holding the email in /var/qmail/queue with the find command.

# find /var/qmail/queue/ -name (msg id)

Find the IP address in the mail header and remove the spam from the queue using qmail-remove.

Now remove the spam; the messages will all end up in the /var/qmail/queue/yanked directory:

# /etc/init.d/qmail stop

# qmail-remove -r -p 'mail@address.com'

A few minutes later there are more emails with the same patterns from the same IP address. That’s great: it gives us the opportunity to examine the SMTP traffic from the spammer’s IP address. Run tcpdump and wait a few minutes.

# tcpdump -i eth0 -n src xxx.xxx.xxx.xxx or dst xxx.xxx.xxx.xxx -w smtp.tcpdump -s 2048

Examining the capture file with vi, we found that the spammer is sending spam using LOGIN authentication:

—————————————————

220 ulise.domain.com ESMTP
ehlo User
250-ulise.domain.com
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdA==
334 UGFzc3dvcmQ6
MTIzNDU=
235 go ahead

—————————————————

Then decode the user/pass to see which account is used:

# perl -MMIME::Base64 -e 'print decode_base64("dGVzdA==")'
test

# perl -MMIME::Base64 -e 'print decode_base64("MTIzNDU=")'
12345

So, someone created a test account with a weak password and someone else guessed it and is sending spam through the server.
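The decoding step above can be run over a whole captured session at once. The following is an added example, not part of the original post: it walks a plain-text SMTP session, follows each AUTH LOGIN exchange, and reports which account was used and whether the server accepted it. The function names and the second (failed) attempt in the sample are constructed for illustration.

```shell
# Added example: list the accounts seen in AUTH LOGIN exchanges of a
# plain-text SMTP session taken from a capture.

# Decode one base64 token; prints nothing if the token is invalid.
b64() { printf '%s' "$1" | base64 -d 2>/dev/null; }

# stdin: SMTP session text. stdout: "<user> <accepted|rejected>" per attempt.
# The password response is skipped, never decoded or printed.
auth_login_users() {
  state=idle; user=
  tr -d '\r' | while IFS= read -r line; do
    case "$state" in
      idle)
        cmd=$(printf '%s' "$line" | tr 'a-z' 'A-Z')
        case "$cmd" in
          "AUTH LOGIN")   state=user ;;
          "AUTH LOGIN "*) user=$(b64 "${line#* * }"); state=pass ;;  # user sent inline
        esac ;;
      user)
        case "$line" in
          "334 "*) ;;                                    # prompt "Username:"
          [45][0-9][0-9]" "*|[45][0-9][0-9]-*) state=idle ;;  # AUTH refused outright
          *) user=$(b64 "$line"); state=pass ;;
        esac ;;
      pass)
        case "$line" in
          "334 "*) ;;                                    # prompt "Password:"
          [45][0-9][0-9]" "*|[45][0-9][0-9]-*) echo "$user rejected"; state=idle ;;
          *) state=result ;;                             # password line, ignored
        esac ;;
      result)
        case "$line" in
          235*) echo "$user accepted"; state=idle ;;
          [45][0-9][0-9]*) echo "$user rejected"; state=idle ;;
        esac ;;
    esac
  done
}

# Constructed sample: the session from the post (trimmed) plus a failed attempt.
sample_session() {
  printf '%s\r\n' '220 ulise.domain.com ESMTP' 'ehlo User' '250 8BITMIME' \
    'AUTH LOGIN' '334 VXNlcm5hbWU6' 'dGVzdA==' '334 UGFzc3dvcmQ6' 'MTIzNDU=' \
    '235 go ahead' 'AUTH LOGIN YWRtaW4=' '334 UGFzc3dvcmQ6' 'd3Jvbmc=' \
    '535 authentication failed'
}

sample_session | auth_login_users
```

Many "rejected" lines for different users from one address point to password guessing; an "accepted" line identifies the mailbox to disable.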

Let’s find the domain that owns the mailbox:

[root@ulise ~]# mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa

mysql> SELECT m.mail_name, d.name, a.password FROM mail AS m LEFT JOIN (domains AS d, accounts AS a) ON (m.dom_id = d.id AND m.account_id = a.id) WHERE m.mail_name='test' AND a.password='12345';
+-----------+-------------+----------+
| mail_name | name        | password |
+-----------+-------------+----------+
| test      | example.com | 12345    |
+-----------+-------------+----------+
1 row in set (0.01 sec)

The next step is to delete the test mailbox and send a warning to the client.

To improve your server’s security you’ll need to enable:
Server -> Mail -> Check the passwords for mailboxes in the dictionary

Reference : http://www.cherpec.com/2008/07/plesk-howto-debug-spam-problems/

Bootable Linux USB drive

1. Download the version of Linux you wish to install on the USB drive

2. Download the UNetbootin application from http://downloads.sourceforge.net/sourceforge/unetbootin/unetbootin-windows-357.exe?use_mirror=nchc

3. Open the UNetbootin application

4. Select the second option “Diskimage” and select ISO mode

5. Make sure you have selected the correct location of your USB drive

6. Then click OK

7. When it finishes copying, select reboot now and boot from your USB drive

Prevent SYN attacks

1. Enable the SYN cookies mechanism on the server by executing the command:

# echo 1 > /proc/sys/net/ipv4/tcp_syncookies

2. Increase the backlog queue to 2048 by the command:

# sysctl -w net.ipv4.tcp_max_syn_backlog="2048"
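Both commands above change only the running kernel, so the values are lost at reboot unless they are also written to /etc/sysctl.conf. The following added example (not from the original post; the function name is hypothetical) audits a sysctl.conf-style file, or stdin, for the two settings and prints the lines that still need to be set.

```shell
# Added example: check a sysctl.conf-style file for the two SYN settings above.
# Usage: audit_syn_settings [file]   (reads stdin when no file is given)
# Prints "ok", or one "FIX key = value" line per missing or weak setting,
# and returns non-zero when something needs fixing.
audit_syn_settings() {
  awk -F= '
    /^[ \t]*[#;]/ { next }                      # skip comment lines
    NF >= 2 {
      gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2)
      val[$1] = $2                              # a later line overrides an earlier one
    }
    END {
      bad = 0
      if (val["net.ipv4.tcp_syncookies"] != "1") {
        print "FIX net.ipv4.tcp_syncookies = 1"; bad = 1
      }
      if (val["net.ipv4.tcp_max_syn_backlog"] + 0 < 2048) {
        print "FIX net.ipv4.tcp_max_syn_backlog = 2048"; bad = 1
      }
      if (!bad) print "ok"
      exit bad
    }' "${1:--}"
}

# Constructed input: SYN cookies are persisted, the backlog setting is missing.
printf '# constructed sample\nnet.ipv4.tcp_syncookies = 1\n' | audit_syn_settings || true
```

After adding the reported lines to /etc/sysctl.conf, load them with sysctl -p.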

Auto reload in Google Chrome

Create a bookmark with the following code as the URL

javascript:
timeout=prompt("Set timeout [s]");
current=location.href;
if(timeout>0)
setTimeout('reload()',1000*timeout);
else
location.replace(current);
function reload(){
setTimeout('reload()',1000*timeout);
fr4me='<frameset cols=\'*\'>\n<frame src=\''+current+'\'/>';
fr4me+='</frameset>';
with(document){write(fr4me);void(close())};
}

Click the bookmark with the tab you want to auto-reload active.
Set the time interval (in seconds) or set it to zero to cancel auto-reload.

http://www.google.com/support/forum/p/Chrome/thread?tid=1a37ccbdde5902fd&hl=en


Script used to transfer account from cpanel server

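#!/bin/bash
# Usage: pass the destination server as the first argument.
# Packages every cPanel account on this server and copies the archives over.

DEST="$1"
PORT="22"

# List of cPanel accounts on this server
ls -1 /var/cpanel/users > /root/user_list

# Create a key pair if none exists. DSA keys are disabled by default in
# current OpenSSH, so an ed25519 key is generated instead.
[ -f /root/.ssh/id_ed25519 ] || ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519

KEY=$(cat /root/.ssh/id_ed25519.pub)

# Authorize the key for root on the destination; remove it from
# authorized_keys there once the transfer is finished.
ssh "$DEST" -p "$PORT" "mkdir -p /root/.ssh; echo '${KEY}' >> /root/.ssh/authorized_keys" 2>&1
scp -P "$PORT" /var/cpanel/packages/* "$DEST":/var/cpanel/packages/

# Package each account, then copy the user list and the archives
while read -r user; do /scripts/pkgacct "$user"; done < /root/user_list
scp -P "$PORT" /root/user_list "$DEST":/home
scp -P "$PORT" /home/cpmove* "$DEST":/home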