How to check if suexec enabled or not

You can use following steps to check the server for suexec

1) Login into you server as root and fire following command

#/usr/local/cpanel/bin/rebuild_phpconf --current

If server is Suexec then result would look like


PHP4 SAPI: suphp

PHP5 SAPI: suphp

SUEXEC: enabled

2) If you are not sure about Shell then you can also check the SuExec is enabled or not? from your WHM.Lgin into your WHM and in the menu find Configure PHP and SuExec

Check the drop down box for “PHP 4/5 Handler” – and if beside that it says “suPHP” – Then your sever is SuExec enabled

3) If you don’t have root access, you can create a php file (test.php) in your account from cPanel >> File Manager and change the permissions on that file to 777 and open it in a browser. If it gives 500 Internal Server Error, your most probably running suPHP.

4)As well as you can also create the phpinfo page in your account from your cPanel >> File manager For ex. phpinfo.php with the following code;

<? phpinfo() ?>

After creating phpinfo.php page browse it and if it shows

Server API = Apache then server is not running PHP in Suexec mode

And if

Server API = CGI the server is running PHP in Suexec mode.

Yum installation on a cPanel VPS

The OS template used for a cPanel VPS doesn’t include yum, you need to install it manually.

You can install Yum on Linux centOS 5.x 32 Bit server by installing following RPMS.

# rpm -ivh

# rpm -ivh

# rpm -ivh

# rpm -ivh

# rpm -ivh

# rpm -ivh

# rpm -ivh

# rpm -ivh –nodeps

# rpm -ivh

After all RPMs installd, run

# yum update

That’s it!

Enable slow query log in a cPanel/Linux server

To enable slow query log in cpanel server, you can use following steps.

Add following to following to /etc/my.cnf file on server.

# vi /etc/my.cnf


After that, do the following commands to create the file with the right ownership and file permissions

# touch /var/lib/mysql/slow.log

# chmod 660 /var/lib/mysql/slow.log

# chown mysql:mysql /var/lib/mysql/slow.log

Restart the mysql server and check the logs in /var/lib/mysql/slow.log.

Mysql Error: Can’t create/write to file (Errcode: 17)

Sometimes you may face the error for a mysql driven website. All of sudden a site has started to display this error:

Can’t create/write to file ‘#sql_5a0_0.MYD’ (Errcode: 17)

Its MySQL error, MySQL is saying the it cannot write to that directory. Its most probably related file exists in that directory. The /tmp is a folder used for temporary files and folders of all users on a server. In this case you need to empty the /tmp folder.

On shell

# cd /tmp

# rm -rf *.MYD

# service mysql restart

Its done!

If you still have problem with this, better check the disk space on your server and delete unwanted files, folders and log files.

How to optimize the MySQL using scripts

To optimize the mysql, you can use either of the scripts provided below.

The first one is MysqlTuner

The MysqlTuner is a Perl script that analyzes your MySQL performance and, based on the statistics it gathers, gives recommendations which variables you should adjust in order to increase performance. That way, you can tune your my.cnf file to tease out the last bit of performance from your MySQL server and make it work more efficiently.

You can download the MySQLTuner script by

# wget

# chmod 755

Once you make the .pl script executable

# ./

It will show output as below (its sample output)

>> MySQLTuner 1.0.0 – Major Hayden

>> Bug reports, feature requests, and downloads at

>> Run with ‘–help’ for additional options and output filtering

——– General Statistics ————————————————–

[–] Skipped version check for MySQLTuner script

[OK] Currently running supported MySQL version 5.0.81-community

[!!] Switch to 64-bit OS – MySQL cannot currently use all of your RAM

——– Storage Engine Statistics ——————————————-

[–] Status: +Archive -BDB -Federated +InnoDB -ISAM -NDBCluster

[–] Data in MyISAM tables: 374M (Tables: 3987)

[–] Data in InnoDB tables: 3M (Tables: 98)

[–] Data in MEMORY tables: 0B (Tables: 2)

[!!] Total fragmented tables: 201

——– Performance Metrics ————————————————-

[–] Up for: 14d 0h 24m 52s (12M q [10.043 qps], 491K conn, TX: 3B, RX: 1B)

[–] Reads / Writes: 86% / 14%

[–] Total buffers: 442.0M global + 12.3M per thread (100 max threads)

[OK] Maximum possible memory usage: 1.6G (41% of installed RAM)

[OK] Slow queries: 0% (91/12M)

[!!] Highest connection usage: 100% (101/100)

[OK] Key buffer size / total MyISAM indexes: 384.0M/111.0M

[OK] Key buffer hit rate: 100.0% (3B cached / 1M reads)

[OK] Query cache efficiency: 75.8% (7M cached / 9M selects)

[!!] Query cache prunes per day: 33741

[OK] Sorts requiring temporary tables: 0% (1 temp sorts / 1M sorts)

[!!] Joins performed without indexes: 53627

[!!] Temporary tables created on disk: 35% (587K on disk / 1M total)

[OK] Thread cache hit rate: 99% (2K created / 491K connections)

[!!] Table cache hit rate: 1% (512 open / 38K opened)

[OK] Open file limit used: 24% (1K/4K)

[OK] Table locks acquired immediately: 99% (3M immediate / 3M locks)

[OK] InnoDB data size / buffer pool: 3.7M/8.0M

——– Recommendations —————————————————–

General recommendations:

Run OPTIMIZE TABLE to defragment tables for better performance

Enable the slow query log to troubleshoot bad queries

Reduce or eliminate persistent connections to reduce connection usage

Adjust your join queries to always utilize indexes

When making adjustments, make tmp_table_size/max_heap_table_size equal

Reduce your SELECT DISTINCT queries without LIMIT clauses

Increase table_cache gradually to avoid file descriptor limits

Variables to adjust:

max_connections (> 100)

wait_timeout (< 28800)

interactive_timeout (< 28800) query_cache_size (> 32M)

join_buffer_size (> 128.0K, or always use indexes with joins)

tmp_table_size (> 32M)

max_heap_table_size (> 16M)

table_cache (> 512)

Check the “Recommendations” and edit the my.cnf accordingly.

You can use another script as below.

Its MySQL Performance Tuning Primer Script which can be downloadd from

# wget

# chmod 755

# ./

It will provide sample output as below.


– By: Matthew Montgomery –

MySQL Version 5.0.81-community i686

Uptime = 30 days 0 hrs 20 min 55 sec

Avg. qps = 10

Total Questions = 12160398

Threads Connected = 3

Server has been running for over 65hrs.

It should be safe to follow these recommendations

To find out more information on how each of these

runtime variables effects performance visit:


for info about MySQL’s Enterprise Monitoring and Advisory Service


The slow query log is NOT enabled.

Current long_query_time = 10 sec.

You have 90 out of 12160419 that take longer than 10 sec. to complete

Your long_query_time may be too high, I typically set this under 5 sec.


The binary update log is NOT enabled.

You will not be able to do point in time recovery



Current thread_cache_size = 8

Current threads_cached = 5

Current threads_per_sec = 0

Historic threads_per_sec = 0

Your thread_cache_size is fine


Current max_connections = 100

Current threads_connected = 3

Historic max_used_connections = 101

The number of used connections is 101% of the configured maximum.

You should raise max_connections


Max Memory Ever Allocated : 1.63 G

Configured Max Per-thread Buffers : 1.20 G

Configured Max Global Buffers : 426 M

Configured Max Memory Limit : 1.61 G

Physical Memory : 3.96 G

Max memory limit seem to be within acceptable norms


Current MyISAM index space = 108 M

Current key_buffer_size = 384 M

Key cache miss rate is 1 : 3157

Key buffer free ratio = 85 %

Your key_buffer_size seems to be fine


Query cache is enabled

Current query_cache_size = 32 M

Current query_cache_used = 18 M

Current query_cache_limit = 1 M

Current Query cache Memory fill ratio = 59.10 %

Current query_cache_min_res_unit = 4 K

MySQL won’t cache query results that are larger than query_cache_limit in size


Current sort_buffer_size = 2 M

Current read_rnd_buffer_size = 8 M

Sort buffer seems to be fine


Current join_buffer_size = 132.00 K

You have had 53627 queries where a join could not use an index properly

You should enable “log-queries-not-using-indexes”

Then look for non indexed joins in the slow query log.

If you are unable to optimize your queries you may want to increase your

join_buffer_size to accommodate larger joins in one pass.

Note! This script will still suggest raising the join_buffer_size when

ANY joins not using indexes are found.


Current open_files_limit = 4096 files

The open_files_limit should typically be set to at least 2x-3x

that of table_cache if you have heavy MyISAM usage.

Your open_files_limit value seems to be fine


Current table_cache value = 512 tables

You have a total of 4104 tables

You have 512 open tables.

Current table_cache hit rate is 1%, while 100% of your table cache is in use

You should probably increase your table_cache


Current max_heap_table_size = 16 M

Current tmp_table_size = 32 M

Of 1081722 temp tables, 35% were created on disk

Effective in-memory tmp_table_size is limited to max_heap_table_size.

Perhaps you should increase your tmp_table_size and/or max_heap_table_size

to reduce the number of disk-based temporary tables

Note! BLOB and TEXT columns are not allow in memory tables.

If you are using these columns raising these values might not impact your

ratio of on disk temp tables.


Current read_buffer_size = 2 M

Current table scan ratio = 1537 : 1

read_buffer_size seems to be fine


Current Lock Wait ratio = 1 : 1545

You may benefit from selective use of InnoDB.

If you have long running SELECT’s against MyISAM tables and perform

frequent updates consider setting ‘low_priority_updates=1′

If you have a high concurrency of inserts.

How to Install mod_pagespeed in a cPanel/Linux server

The mod_pagespeed is an open-source Apache module that automatically optimizes web pages and resources. It does this by rewriting the resources using filters that implement web performance best practices. Webmasters and web developers can use mod_pagespeed to improve the performance of their web pages when serving content with the Apache HTTP Server.

The mod_pagespeed includes several filters that optimizes JavaScript, HTML and CSS stylesheets. It also includes filters for optimizing JPEG and PNG images. The filters are based on a set of best practices known to enhance web page performance. For now the module is compatible with Apache version 2.2 and is now available as a down-loadable binary for i386 and x86-64bit systems.

You can check the wiki here

To install the mod_pagespeed, use steps provided below.

For 32Bit system

# cd /usr/local/src

# mkdir mod_pagespeed

# cd mod_pagespeed

# wget…rrent_i386.rpm

# rpm2cpio mod-pagespeed-beta_current_i386.rpm | cpio -idmv

# cp /usr/local/src/mod_pagespeed/usr/lib/httpd/modules/ /usr/local/apache/modules/

# cp /usr/local/src/mod_pagespeed/etc/httpd/conf.d/pagespeed.conf /usr/local/apache/conf/

# chmod 755 /usr/local/apache/modules/

# mkdir /var/mod_pagespeed/{cache,files} -p

# chown nobody:nobody /var/mod_pagespeed/*

For 64Bit system

# cd /usr/local/src

# mkdir mod_pagespeed

# cd mod_pagespeed

# wget…ent_x86_64.rpm

# rpm2cpio mod-pagespeed-beta_current_x86_64.rpm | cpio -idmv

# cp /usr/local/src/mod_pagespeed/usr/lib64/httpd/modules/ /usr/local/apache/modules/

# cp /usr/local/src/mod_pagespeed/etc/httpd/conf.d/pagespeed.conf /usr/local/apache/conf/

# chmod 755 /usr/local/apache/modules/

# mkdir /var/mod_pagespeed/{cache,files} -p

# chown nobody:nobody /var/mod_pagespeed/*

The mod_pagespeed needs mod_deflate to be loaded in Apache. If it is not yet installed, you can just include the same from apache source by,

# /usr/local/apache/bin/apxs -c -i /home/cpeasyapache/src/httpd-2.2.16/modules/filters/mod_deflate.c

After that, we’ll have to edit the mod_pagespeed configuration file located at /usr/local/apache/conf/pagespeed.conf to reflect the correct paths, the LoadModule directives should fetch the modules in “modules/”

LoadModule pagespeed_module modules/
LoadModule deflate_module modules/
ModPagespeedFileCachePath   "/var/mod_pagespeed/cache/"
ModPagespeedGeneratedFilePrefix   "/var/mod_pagespeed/files/" 

And finally, include pagespeed.conf in /usr/local/apache/conf/httpd.conf:

Include “conf/pagespeed.conf”

And finally, restart your HTTP server by

# service httpd restart

If everything is fine, apache will start normally and as your domains begin to get hits, you will see data being written in to /var/mod_pagespeed/*. Just a reminder that this module seems to write a lot of data in apache error log. You might need to monitor the server load and i/o stats for some time to ensure that everything is stable.

You can check the mod_pagespeed docs here

Perl Module installation in a Linux/cPanel server?

There are various ways to download and install perl modules from CPAN. In general it’s a good idea to download and install the perl module but we will see the different ways of installing the perl module.

1. The easiest way is to use the perl CPAN module. SSH to the server as root and execute:

# cpan

If you are running this for the first time, it will prompt you for a few questions (default answers are fine) before providing you with the “cpan >” prompt. To install a module, say for example “Perl::OSType”, execute

# cpan > install Perl::OSType

this will download and compile the module and install it server wide. To know more commands/options of cpan, type question mark ( ? ) at the cpan prompt.

2. The second and the quickest method is to use perl CPAN module from the bash prompt instead of ‘cpan’ prompt. If you are on the command line of Linux, just execute

# perl -MCPAN -e ‘install Perl::OSType’

3. The above 2 methods are the easiest one but it is recommended to install the module manually as the above methods may not always work. You can search the module at and then wget it on your server. Once done, extract it:

# tar -zxf Perl-OSType-1.002.tar.gz

There is a standard way of installing the perl module, however, you will see a README file inside the extracted directory containing the installation steps. Goto the extracted directory and execute

# perl Makefile.PL

# make

# make test

# make install

Or you can use perl module installer script as well.

It’s simplest to install a perl module from the shell:

# /scripts/perlinstaller module


# /scripts/perlinstaller Inline::C

If you’re not sure of the module name, you can search for it on cpan:

Or you can use Perl Module Installer in WHM;

This WHM feature allows you to download and install a Perl module. It works by providing an interface that lets you search through the central Perl repository known as CPAN ( WHM then returns a list of Perl modules that match your search criteria, allowing you to click on any of the relevant search results to download and install the module.

To search for and install a Perl module:

1. Enter your search criteria into the available text field. Alternatively:

You can also view a list of Perl modules available from CPAN by clicking Show Available Perl Module(s). The list is limited, however; an exhaustive list is available at

If you know the exact name of the module you wish to install, you may install it by entering its name in the Install a Perl Module text box and clicking Install Now.

2. Click Go.

WHM will display the matching Module Name, Version, Description, and any Actions you may perform.

3. Click the Install button next to the module you would like to download and install.

You may also view a module’s documentation by clicking its corresponding Show Docs button.

If you did not find the desired module, you may continue searching from the search results page using the Search field and Go button.

Thats it.

How to install/upgrade roundcube in a cPanel/Linux server

Before installing roundcube on a cPanel server you should know your mysql root password. Replace DATABASEPASSWORD with your mysql root password.

If Roundcube is already installed, you need to uninstall it.

Uninstall/remove exiting RoundCube

# cd /usr/local/cpanel/base

# rm -rf roundcube*

On mysql prompt

mysql -e ‘drop database roundcube’;

# /scripts/upcp

Now follow the  steps to update/install latest roundcube. You will have to specify your root password when prompted.

# cd /usr/local/cpanel/base

# wget -O roundcube.tar.gz

# roundcubemail/roundcubemail-0.2.1.tar.gz

# rm -rf roundcube.tar.gz

# mv -f roundcubemail-0.2.1/ roundcube

# cd roundcube

# chmod -R 777 temp

# chmod -R 777 logs

Database Configuration

Create the database, database user and install the intial sql file. The following commands will do this for you.

mysql -e “CREATE DATABASE roundcube;”

mysql -e “GRANT ALL PRIVILEGES ON roundcube.* TO [email protected] IDENTIFIED BY



mysql -e “use roundcube; source SQL/mysql.initial.sql;”

You will have to replace the roundcube password with ‘DATABASEPASSWORD’ field.

Roundcube Configuration

# cd config

# mv

# mv

then open database configruation file in your favroite editor.

# vi

Find following line

$rcmail_config[‘db_dsnw’] = ‘mysql://roundcube:[email protected]/roundcubemail’;

Replace it with

$rcmail_config[‘db_dsnw’] = ‘mysql://roundcube:[email protected]/roundcube’;

Now Open

# vi


$rcmail_config[‘default_host’] = ”;

Replace with

$rcmail_config[‘default_host’] = ‘localhost’;

Configure cPanel to show roundcube in the theme. Please note this is for the X theme(default) only!! If you use another theme please skip the next part and see below.

# cd /usr/local/cpanel/base/roundcube/skins/default/images/

# cp –reply=yes roundcube_logo.png /usr/local/cpanel/base/frontend/x/images/roundcube_logo.png

# cp –reply=yes roundcube_logo.png /usr/local/cpanel/base/webmail/x/images/roundcube_logo.png

# cd /usr/local/cpanel/base

# wget

# patch -p0 < HGpatch-roundcube-1.0BETA2

# chattr +i /usr/local/cpanel/base/frontend/x3/webmaillogin.html

# chattr +i /usr/local/cpanel/base/webmaillogin.cgi

Restart the mysql, cpanel services on your server. You are done!, have fun with your new Roundcube installation!!

You can access roundcube by

Rkhunter installation and cron Job Setup

Rkhunter is RootKit Hunter. It is a scanning tool which will scan for rootkits, backdoors, and local exploits. RKHunter will ensure you about 99.9% that your dedicated web server is secure.

# cd /usr/local/src/

# wget

# tar -xzvf rkhunter-*.tar.gz

# cd rkhunter*

# ./ –install

You can test the installation by typing following command.
Note: If successful, this scan will take about 2/3 minutes to complete.

# /usr/local/bin/rkhunter –c

Update rkhunter by

# rkhunter –update

Setup RKHunter to e-mail you you daily scan reports.

# vi /etc/cron.daily/

Add The Following:


(/usr/local/bin/rkhunter -c –cronjob 2>&1 | mail -s “Daily RKHunter Scan Report” [email protected])

# chmod +x /etc/cron.daily/

You can set up the cron as below as well.


( /usr/local/bin/rkhunter –versioncheck

/usr/local/bin/rkhunter –update

/usr/local/bin/rkhunter –cronjob –report-warnings-only

) | /bin/mail -s ” rkhunter output” [email protected]

You have now setup a daily cron, that will email you the results of your RKHunter scan.


rkhunter <parameters>

–checkall (or -c)Check the system, performs all tests.
–createlogfile*Create a logfile (default /var/log/rkhunter.log)
–cronjobRun as cronjob (removes colored layout)
–help (or -h)Show help about usage
–nocolors*Don’t use colors for output (some terminals don’t like colors or extended layout characters)
–report-mode*Don’t show uninteresting information for reports, like header/footer. Interesting when scanning from crontab or with usage of other applications.
–skip-keypress*Don’t wait after every test (makes it non-interactive)
–quick*Perform quick scan (instead of full scan). Skips some tests and performs some enhanced tests (less suitable for normal scans).
–versionShow version and quit
–versioncheckCheck for latest version

DDOS attack prevention by using mod_evasive

What is Mod_evasive?

One way to stop one of the more basic attacks on a server is mod_evasive. This article will assist you the process of installing and configuring mod_evasive. This apache module will help you to protect the server against people sending too many requests to the webserver in an attempt to flood it. If it detects too many connections from a specific IP, that  IP  will be blocked on the server. This is especially useful when the server is continuously attacked. With the default configuration it will block the offending IP for 10 minutes. If it continues to try and flood mod_evasive will automatically add more time to this.


Follow these commands for Apache 1.3.x.
# cd /usr/local/src
# wget
# tar -zxf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# /usr/local/apache/bin/apxs -cia mod_evasive.c
Follow this commands for Apache 2.0.x.
# cd /usr/local/src
# wget
# tar -zxf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# /usr/sbin/apxs -cia mod_evasive20.c


If you are adding this module to apache 1.3.x, the following lines need to be added to the httpd.conf  below the AddModule section.

<IfModule mod_evasive.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600

If you are using apache 2.0.x, you need to scroll down to the LoadModule section in the httpd.conf and add the following:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 10
DOSBlockingPeriod 600

Exit and save the httpd.conf

Now you need to restart the apache service..

# service httpd restart

It should be working for you.


The hash table size defines the number of top-level nodes for each child’s hash table. Increasing this number will provide faster performance by decreasing the number of iterations required to get to the record, but consumes more memory for table space. You should increase this if you have a busy web server. The value you specify will automatically be tiered up to the next prime number in the primes list (see mod_evasive.c for a list of primes used).


This is the threshold for the number of requests for the same page (or URI) per page interval. Once the threshold for that interval has been exceeded, the IP address of the client will be added to the blocking list.


This is the threshold for the total number of requests for any object by the same client on the same listener per site interval. Once the threshold for that interval has been exceeded, the IP address of the client will be added to the blocking list.


The interval for the page count threshold; defaults to 1 second intervals.


The interval for the site count threshold; defaults to 1 second intervals.


The blocking period is the amount of time (in seconds) that a client will be blocked for if they are added to the blocking list. During this time, all subsequent requests from the client will result in a 403 (Forbidden) and the timer being reset (e.g. another 10 seconds). Since the timer is reset for every subsequent request, it is not necessary to have a long blocking period; in the event of a Ddos attack, this timer will keep getting reset.