La pornirea apache apare urmatoarea eroare:
Apache - No space left on device: Cannot create SSLMutex
Solutia:
ipcs -s | grep apache | awk ' { print $2 } ' | xargs ipcrm sem
Si incercam din nou start la apache.
Putem da kill la toate procesele unui utilizator cu
kill -9 `ps -u utilizator -o "pid="`
Problema e posibil sa apară atunci când unele plugin-uri de cPanel modifică fișierul cpanel al utilizatorului din /var/cpanel/users.
Edităm fișierul /var/cpanel/users/nume_utilizator_cpanel.
Căutăm linia USER=nume_utilizator_cpanel și ștergem tot ce apare după nume_utilizator_cpanel
După editare trebuie rulat:
/scripts/updateuserdomains
Din consolă pentru a șterge toate tabelele dintr-o bază de date mysql putem folosi:
mysql baza_de_date-e "show tables" | grep -v Tables_in|awk '{print "drop table",$1";"}' | mysql baza_de_date
Comunicat SolusLabs:
It has been brought to our attention that a security vulnerability has been found in the Client, Reseller and Admin areas of SolusVM. Even though the chances of this vulnerability being used against a SolusVM installation is low, we have released version 1.7.02 as a Critical security release and advise you to upgrade immediately.
Versiunea curenta de plesk linux se poate afla din consola ssh cu:
cat /usr/local/psa/version
Pentru a modifica parola unui utilizator cPanel din linie de comandă:
/scripts/chpass <utilizator> <parola-nouă>
După modificare trebuie sa rulăm și script-ul următor pentru a sincroniza parola contului ftp.
/scripts/ftpupdate
Din consola pornim:
/scripts/phpextensionmgr install IonCubeLoader
Dupa instalare putem verifica daca e ok:
php -vPHP 5.2.16 (cli) (built: Jan 12 2011 15:17:40) Copyright (c) 1997-2010 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies with the ionCube PHP Loader v3.3.20, Copyright (c) 2002-2010, by ionCube Ltd.
Parallels a anuntat un fix pentru o posibila vulnerabilitate in Plesk 10
Parallels has issued a security hotfix to Parallels Plesk Panel 10.0.1 through the Micro-Updates system.
It is referenced as MU#2 – Plesk admin password changing.
The Micro-Update delivers bug fix for a vulnerability that could allow authorized Plesk users to change Plesk ‘admin’ password and then compromise Control Panel.
For instructions on implementing Micro-updates, please refer to:
http://kb.parallels.com/en/9294 – Using Micro-Updates in Parallels Plesk Panel 9.x, 10.x and Parallels Small Business Panel.
For instructions on upgrading from the panel, please refer to the Administrator Manual at:
http://download1.parallels.com/Plesk/PP10/10.0.1/Doc/en-US/online/plesk-administrator-guide/index.htm?fileName=59215.htm
This notification is made pursuant to our development policy of notifying users when critical security issues arise and making fixes available as soon as possible. Please ensure that this patch has already been applied as soon as possible.
Am primit o notificare de la Parallels referitor la o vulnerabilitate ProFTPD, fiind afectate produsele Plesk 9 si Plesk 10. Noi am actualizat ProFTPD pe serverele cu plesk prin Atomic Rocket Turtle
Comunicatul integral:
ProFTPD Remote Code Execution Vulnerability and Exploit
A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function for evaluating TELNET IAC sequences.
ProFTPD bug report: http://bugs.proftpd.org/show_bug.cgi?id=3521
Parallels Plesk Panel 9.x, 9.5x and 10 include this vulnerability. Parallels will issue Micro Updates (hotfixes) for 9.5.2 and 9.5.3 no later than 12:00 GMT (noon) on Thursday November 11, (7:00am EST in the US) to fix this. The patch for Parallels Plesk Panel 10.01 will be released at 17:00 GMT on Thursday November 11, (12:00pm EST in the US). Patches for Plesk 9.0, 9.22, and 9.3 will be posted by 12 noon GMT on Friday November 12, (7am EST in the US). Parallels updates on this will be coming soon.
MORE INFORMATION:
Updating to ProFTPD version 1.3.3c or disabling FTP services is the only current solution to this vulnerability.
ProFTPD is capable of processing TELNET IAC sequences on port 21; the sequences enable or disable certain options not supported by the Telnet or FTP protocol itself. The buffer overflow allows attackers to write arbitrary code to the application’s stack and launch it. Updating to version 1.3.3c of ProFTPD solves the problem.
The update also fixes a directory traversal vulnerability which can only be exploited if the “mod_site_misc” module is loaded. This flaw could allow attackers with write privileges to leave their permitted path and delete directories or create symbolic links outside of the path. The module is not loaded or compiled by default.
A remote root exploit is available: [Full-disclosure]ProFTPD IAC Remote Root Exploit
A Proftpd update for Plesk has been provided by Atomic Rocket Turtle. To apply the update, execute the commands below.
# w get -O - http://www.atomicorp.com/installers/atomic |sh # yum upgrade psa-proftpd
Loading ...