Upgrade OpenSSL version Ubuntu

If your apt-get repositories don’t contains any precompiled 1.0.1m OpenSSL version, so just download sources from official website and compile it.

Below the single command line to compiling and install the last openssl version.

curl https://www.openssl.org/source/openssl-1.0.1m.tar.gz | tar xz && cd openssl-1.0.1m && sudo ./config && sudo make && sudo make install

Replace old openssl binary file by the new one via a symlink.

sudo ln -sf /usr/local/ssl/bin/openssl `which openssl`


You are all good !

# openssl version should return

openssl version

OpenSSL 1.0.1m 19 Mar 2015

Note: This workaround will not fix “Nginx and Apache server who have to be recompile with 1.0.1m openSSL sources.”


How to fix SSL V3 Vulnerability (POODLE Vulnerability) in cPanel

Hello Guys,

On October 14, 2014, security experts alerted the general public to a flaw in an obsolete but still-used SSL protocol (SSLv3).

The “POODLE” (Padding Oracle On Downgraded Legacy Encryption) attack can force a connection to “fallback” to SSL 3.0, where it is then possible to steal cookies, which are small data files that enable persistent access to an online service. If stolen, a cookie could allow an attacker access to someone’s Web-based email account, for example.

It’s important to know that this flaw is most likely present in all servers and has nothing to do with the cPanel software. However, servers that currently function only because of SSL 3.0 fallback should be updated.

To accomplish this, please follow these steps. This does not appear to affect SSH and FTP services.


A. For Apache:

1) Go to WHM => Service Configuration => Apache Configuration => Include Editor => Pre Main Include.
2) Select a version or All Versions.
3) Add the following in the text box that appears:

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1

4) Press the Update button and rebuild your Apache configuration.

This will disable SSLv3.0 on your server running Apache.

B. For LiteSpeed:

LiteSpeed has released an update to version 4.2.17. You can force a reinstall by running this command:

# /usr/local/lsws/admin/misc/lsup.sh -f -v 4.2.17

1) Go to WHM => Service Configuration => Apache Configuration => Include Editor => Pre Main Include.
2) Select a version or All Versions.
3) Add the following in the text box that appears:

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1

4) Press the Update button and rebuild your Apache configuration.

This will disable SSLv3.0 on your server running LiteSpeed.


C. For cpsrvd and cpdavd:

1. Create the following files if they do not already exist:


2. Add the following to those files:


Complex protocol strings work for cpdavd for all builds. For cpsrvd, only 11.46 supports complex protocol strings such as “SSL_version=SSLv23:!SSLv2:!SSLv3″, so 11.44 machines would need to enable TLSv1 support only until a fix has been released for case 124993 that is open about this issue. Of note, enabling TLSv1 support only disables TLSv1.1 and TLSv1.2 support.

D. For Dovecot/Courier:

1) Go to WHM => Service Configuration => Mailserver Configuration.
2) Change the SSL Cipher List to:


E. For Exim:

1) Go to WHM => Service Configuration >> Exim Configuration Manager >> Advanced Editor
2) Change the following in tls_require_ciphers:


Please note that for both Dovecot/Courier and Exim above, the suggested cipher lists do NOT disable all SSLv3 support, but only disable the ciphers that use CBC, so some SSLv3 support is still available.

It is possible to completely disable SSLv3 support on these service ports with the following cipher list:


Completely disabling SSLv3 ciphers on the above service ports greatly limits browser compatibility and prevents connections from all but a few modern browsers such as Google Chrome.

And do verify your website here “https://www.tinfoilsecurity.com/poodle”


Correct Ownership of All cPanel account folders

Many time when we rsync the cPanel user’s home directory, genarally all the ownership wil be changed, We can fix it easily by creating a script file mentioned below and the give the execution permissions:

1. Create a script file:

# vim fixperms.sh

2 . Put the below in the file.

echo -e “Checking ownership of /home/user \n”

for i in `ls /var/cpanel/users/`
if [ “$i” != “root” ]; then
chown -R $i:$i /home/$i
chown $i:nobody /home/$i/public_html /home/$i/.htpasswds
chown $i:mail /home/$i/etc /home/$i/etc/*/.shadow /home/$i/etc/*/.passwd
echo $i

3.  Save the file.

4. Give execution permission:

# chmod 755 fixperms.sh

5. Execute the script to fix the permissions:

# sh fixperms.sh

6. That’s it. and see the magic, all directories ownership fixed.

cPanel Web hosts are at Risk – Bash Vulnerability – Shell Shock

On September 24th, a vulnerability was reported in the GNU Bourne-Again-Shell (BASh, or Bash), specifically a flaw with how Bash processes values of environment variables, that allows remote code execution of varying types in many common configurations. The overall risk is severe due to bash being configured for use, by default, on most Linux servers.

What is Shellshock?

This flaw exploits Bash, a Unix command-line shell run by default on most Linux servers.

Allows for remote code execution, and many types of command-line based attacks.

How to check your web server for vulnerability?

Log into your server and via ssh / terminal and run this command:

[root@yourawesomeserver ~]# env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If you are vulnerable it will return:

[root@yourawesomeserver ~]# env x='() { :;}; echo vulnerable' bash -c 'echo hello'

To fix it will depend on your LINUX distribution but you will want to reinstall or update, which ever you prefer:

#sudo apt-get install bash

- or - 

#sudo yum update bash

In CentOS / RedHat / CloudLinux servers:

Login as root to server terminal and execute the command:

# yum -y update bash

OR, if you are not comfortable with terminal,

Login to WHM interface
Go to Home >> Software and click on Update System Software.
Click Proceed to update all software pending update.

Once complete, rerun the test and you will get:

[root@yourawesomeserver ~]# env x='() { :;}; echo vulnerable' bash -c 'echo you are safe now'
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
you are safe now.


How to Install CentOS 7

Finally the much awaited CentOS 7 is out. CentOS (Community Enterprise Operating System) is forked from RedHat Linux, a Linux Distro fine tuned for servers.

In this article you will learn how to install CentOS 7 in a few easy steps.

Step 1: Download The ISO Image

To get a copy of CentOS 7 download from its source mirror. CentOS 7 is now shipping for 64 bit platforms, and currently there is no 32 bit ISO image. This is primarily due to the fact that most servers in production are 64 bit.

Step 2: Make A bootable Drive

After you have downloaded the ISO image burn a bootable DVD.

Step 3: Begin Installation

To begin installation, click on the Install to Hard Drive icon on the desktop.
Desktop Install to Hard Drive

Step 4: Select Language And Keyboard

Select your preferred language as well as the Keyboard type you have. Take care not forget to choose the correct keyboard or else you will end up with a few scrambled keys.

Select Language

Step 5: Change The Installation Destination

By default the Anaconda installer will choose automatic partitioning for your hard disk. Click on the Installation Destination icon to change this to custom partitioning.

Automatic Partitioning

Click on the hard drive you want to install CentOS 7 and under the Other Storage Options, choose I will configure partitioning then click Done.
Configure Partitioning

Step 6: Select The Partitioning Scheme

Next select the partitioning scheme to use for the mount points. In this case choose Standard Partition.

Select Partitioning Scheme

Step 7: Create A Swap Space

You can create a swap space from one of the partitions and set the desired capacity, which is dependent on the RAM you have. Choose the File System for swap space as swap, and click on Reformat, though reformatting is optional. You can also name your swap space to whatever name you like but a name like swap is more descriptive.
Create Swap Space

Step 8: Create A Mount Point

The next step is to create a mount point where the root partition will be installed. Depending on your requirements you might need to put the boot, home and root partition on different mount points. For this case we shall have only one mount point /.

After this set the Label and Desired Capacity to whatever you wish. A rule of thumb is to use descriptive names for the Label especially if the computer is to be used by different system administrators.

Choose the file system as ext4 and click on reformat.

Create a Mount Point

Step 9: Accept Changes

After completing Step 7 and Step 8 successfully click on Done button. A prompt window will appear with a summary of changes that will take place. If you are satisfied with them click Accept changes.
Accept Changes

Step 10: Set Date And Time

Click on the clock icon under the localization menu and select a time zone from the map of the world, then click Done.
Set Date and Time

Step 11: Begin Installation

Now after configuring the System and Localization settings you can click on the Begin Installation button.
Begin Installation

Installation will begin immediately and as it proceeds you need to set up a User account as well as the root password.
configuration during installation

Step 12: Set Up Root Password

Click on the root password option and enter a password and confirmation of the same then click Done.

Set Up Root Password

Step 13: Create a User Account

The next step is to create a user account. Enter the correct details and if this is the administrator account, tick Make this user administrator and Require a password to use this account for security purposes.
Create a User Account

Step 14: Complete Installation

The installer should complete installing the software and the bootloader.
Installing Bootloader

Once complete you should get a success message, after which you can click quit.
Logout from the Live system and login to your new installation.

Finally once you login to your CentOS 7 accept the EULA agreement and enjoy!
Complete Installation

New Features in CentOS 7

The following are some of the notable feature in CentOS 7:

Gnome 3 Desktop Environment

CentOS 7 comes with Gnome 3 which is very convenient when you have a touch screen.

gnome 3 Desktop

It also comes with Gnome Classic for those that want the look and feel of Gnome 2.

gnome classic

CentOS 7 comes with GRUB 2 which solves dual booting problems with other Linux distros that have been using GRUB 2, like Ubuntu. This is an improvement from CentOS 6.5 which used GRUB Legacy and was a problem when dual booting. Now you can do your installation without concerns of GRUB issues.

CentOS 7 has support for the xfs file system which is suitable especially in a distributed type of environment. XFS is known for its ability to handle parallel I/O compared to ext4.

CentOS 7 will also be shipping with MariaDB, a replacement for MySQL.


CentOS 7 has greatly improved from version 6.5 and now is easier to adopt it as a Desktop OS compared to its predecessor. For those that probably cannot keep up with Fedora releases every 6 months, CentOS 7 is a good consideration. Try it out today!


How to take the all hosted databases backup at once

Please find the below steps to take the all hosted databases backup at once.

1. Create a backup directory:

# mkdir /backup/db_backup

2. Export all databases name in mysql.txt file:

# mysql -e “show databases” > /root/mysql.txt

It will generate all the hosted database name in mysql.txt. Open /root/mysql.txt and remove following ( Database, horde, mysql, roundcube, logohlic_DB, performance_schema & information_schema )

3. Shoot the loop script to generate the backups:

# for i in `cat /root/mysql.txt`; do mysqldump $i > /backup/db_backup/$i.sql; done

4. You can put the above command in another file say mysql.sh and use cron to backup regularly and schedule as per your requirement.

5. For date based backup, you can use the following loop, it will generate backup file with date and time:

# for i in `cat /root/mysql.txt`; do mysqldump $i > /backup/db_backup/`/bin/date +”%Y-%m-%d_%H:%M:%S”`_$i.sql; done

Install Memcache Manually in Cpanel

Hi Guys, its very easy to install memcahce to install on cPanel server, please follow the below steps.


1. Go to /usr/local/src/

2. Download package:   wget http://pecl.php.net/get/memcache-3.0.3.tgz

3.  tar -xzvf memcache-3.0.3.tgz

4. cd memcache-3.0.3

5. phpize

6. ./configure

7. make

8. make install


9. Hence edited /usr/local/lib/php.ini to contain


extension = /usr/local/lib/php/extensions/no-debug-non-zts-20100525/memcache.so
memcache.allow_failover = 0

10. Restart Apache service.

Install and Configure MS Exchange Server 2007 on MS Windows Server 2008


I am really excited to say that it was really painless process for me to install Exchange Server 2007 on a VMware running Windows Server 2008. During the installation and configured, I have taken screen shots of steps required to install and configure MS Exchange to help SharePoint professionals, who have no previous background of administering MS Exchange Server like me.

Table 1 lists the various supported scenarios for Exchange and OS versions.

Exchange Version Server OS Supported for Installation
Exchange 2003 Windows 2000 Server SP4Windows Server 2003 (All SP levels and R2)
Exchange 2007 RTM Windows Server 2003 SP1 + SP2 (inc R2)
Exchange 2007 SP1 Windows Server 2003 SP1 + SP2 (inc R2)Windows Server 2008 RTM

Table 1: Exchange/OS versions supported for install

Table 2 sets out the different Domain Controller versions supported by different versions of Exchange.

Exchange Version Domain Controller OS Supported
Exchange 2003 Windows 2000 Server SP4Windows Server 2003 (All SP levels and R2)Windows Server 2008 RTM
Exchange 2007 RTM Windows Server 2003 SP1 + SP2 (inc R2)Windows Server 2008 RTM
Exchange 2007 SP1 Windows Server 2003 SP1 + SP2 (inc R2)Windows Server 2008 RTM

Table 2: The Exchange/Domain Controller support matrix


Steps required to install MS Exchange Server 2007 on a MS Windows Server 2008

  1. Run MS Exchange Server 2007 ISO Image

  2. The Exchange installer wizard will install. Step 1 and Step 2 of the installation wizard will already be installed on MS Windows Server 2008. Click “Step 3: Install Microsoft Windows PowerShell”. A pop up command window will appear as shown above to provide you information on how to install Windows PowerShell.
  3. I have followed the command prompt approach to install Windows PowerShell. Open command window and run the following command:

    ServerManagerCmd –i PowerShell

  4. It takes 2-3 minutes to install Windows PowerShell.

  5. Once Windows PowerShell is installed on your server, run the MS Exchange installer again.

  6. This time, Click “Step 4: Install Microsoft Exchange Server 2007 SP1″. On the Introduction screen, Click Next to proceed.

  7. On the Next screen, Choose “I accept the terms in the license agreement” and Click “Next” to proceed.

  8. On the next screen, choose “NO”, if you don’t want to send Error reports.

  9. Choose Typical Exchange Server Installation in the step below and Click Next to proceed.

  10. Enter Exchange Organisation name and Click Next to proceed.

  11. Click NO, if you don’t have client machines running MS Outlook 2003 or earlier versions. Click Next to proceed.

  12. On the next screen below, Exchange setup will check that all pre-requisite components of the server are installed.

  13. Readiness Check step has identified number of missing windows components on my server.

  • Install Ldifde.exe. Run ServerManagerCmd –i RSAT on the command prompt to install this feature.

  • Ldifde.exe is successfully installed. Now installed all remaining components of IIS 7. Open Server Manager and Select Roles and Click Add Role Service to select all required IIS 7.0 services for MS Exchange Server.

  1. Once you have installed the missing components for MS Exchange, Click Install in the MS Exchange wizard to start the MS Exchange installation.

  2. MS Exchange Server 2007 will install total 6 items as shown in the figure below.

  3. MS Exchange 2007 Server is installed successfully.


Steps required to activate MS Exchange Server 2007 Product Key

  1. Restart the server. Once the server is rebooted, Open MS Exchange Server 2007 Console.

  2. Click Enter Product Key link to open Product Key window. Enter MS Exchange key and click Enter to activate your product.

  3. MS Exchange Server 2007 is successfully activated.


Steps required to create Mailboxes for Domain User Accounts in MS Exchange Server 2007

  1. Run MS Exchange Server 2007 Console. Right Click Mailboxunder Recipient Configuration menu and then Click New Mailboxto create or associate domain user’s mail boxes.

  2. Choose User Mailbox and Click Next to proceed.

  3. In my scenario, I wanted to associate mailboxes for existing users that I had already created on my domain controller for my Integration environment. Click Existing Users option button and Click Add to select users from the domain controller.

  4. On the screen below, specify Mailbox database. Click Next to create mailboxes for the selected existing domain user accounts.

    Now you have successfully created mailboxes for existing domain user accounts. Next step is to open the MS Outlook web access to test an email account. Click Client Access menu in the Server Configuration. On the right side of the screen, you will see OWA folder. Double Click OWA folder to locate the MS Outlook OWA URL as shown in the figure below.

    Open the MS Outlook Web Access URL and after entering user credentials you will see, user’s mailbox.

    Now you are ready to use MS Exchange Server 2007. I do hope that you have found this article useful


Block SPAM via subject line in Zimbra Server

You can block the SPAM through subject line in zimbra, please follow the below steps.


zmlocalconfig | grep header_checks

Most likely you will see the following:
postfix_header_checks = pcre:/opt/zimbra/conf/postfix_header_checks

Now, lets create our own header_checks file. Note: For this wiki, I am going to create a “custom_header_checks” file, but you can create your own file.

touch /opt/zimbra/conf/custom_header_checks

zmlocalconfig -e postfix_header_checks=”pcre:/opt/zimbra/conf/postfix_header_checks, pcre:/opt/zimbra/conf/custom_header_checks”

zmmtactl restart

zmlocalconfig | grep postfix_header_checks

You should see:
postfix_header_checks = pcre:/opt/zimbra/conf/postfix_header_checks, pcre:/opt/zimbra/conf/custom_header_checks

Don’t forget to use postconf to make sure the changes are picked up.

postconf | grep header_checks
If the header_checks are not picked up from the postconf command, run the following command.

zmprov mcf zimbraMtaBlockedExtensionWarnRecipient FALSE

zmmtactl restart

Section III – Editing your custom header checks file
Editing your /opt/zimbra/conf/custom_header_checks is fairly straight forward, just use your favorite editor, i.e vi, nano, emacs.

No need to run postmap against the /opt/zimbra/conf/custom_header_checks

Section IV – Header checks syntax by example
In the interest of brevity and simplicity, I am only going provide a few examples. Honestly, I’ve only scratched the surface of this feature.

/^Subject.*)From U.S. Ambassador to Nigeria/ DISCARD #spam rule no msgs from Nigeria

/^Subject.*)\?KOI8-R\?/ DISCARD #spam rule Russian encoding not allowed by this server

/^From.*)Slice-O-Matic Reviews/ DISCARD #spam rule No slice o-matics

/^From.*)Your Free iPad/ DISCARD #spam rule No thank you

/^From.*)user005@badspammerdomain.com/ DISCARD #spam Known spammer address

/^From.*)Tarot Reading/ DISCARD #spam rule No Tarot reading

/^From.*)someaccount@yahoo.com/ REDIRECTceo@domainexample.com #spam rule redirect all messages from this address

/^From.*)<(.*)@yahoo.com>(.*)/ REDIRECTmonitor@domainexample.com

/^To.*)<(.*)@yahoo.com>(.*)/ REDIRECTmonitor@domainexample.com

How to make some Space if Zimbra Server HDD About to full 100%

You can remove logs to make some space urgently to prevent your Zimbra from crash.



du -sh /var/log

Please pay special attention to the DOT after file names

rm -rf /var/log/zimbra.log.*
rm -rf /var/log/messages.*
rm -rf /var/log/maillog.*
rm -rf /var/log/rpmpkgs.*
rm -rf /var/log/boot.log.*
rm -rf /var/log/cron.*

cat /dev/null > /var/log/maillog
cat /dev/null > /var/log/messages
cat /dev/null > /var/log/zimbra.log
cat /dev/null > /var/log/cbpolicyd.log

du -sh /var/log


du -sh /opt/zimbra/log

rm -rf /opt/zimbra/log/zmswatch.out.*
rm -rf /opt/zimbra/log/myslow.log.*
rm -rf /opt/zimbra/log/zmmailboxd.out.*
rm -rf /opt/zimbra/log/mailbox.log.*
rm -rf /opt/zimbra/log/audit.log.*
rm -rf /opt/zimbra/log/zmmtaconfig.log.*
rm -rf /opt/zimbra/log/zmlogswatch.out.*

du -sh /opt/zimbra/log

du -sh /opt/zimbra/zmstat

rm -rf /opt/zimbra/zmstat/2009-*
rm -rf /opt/zimbra/zmstat/2010-*
rm -rf /opt/zimbra/zmstat/2011-*

du -sh /opt/zimbra/zmstat