Cphulk Protection

cPHulk is a small program developped by the cPanel team and is exclusive to cPanel / WHM control panels. It’s a brute force protection which looks for logins for PAM services. Based on the configuration, it will block an IP after a specified number of failed logins from a specific IP (or for a specific account) for a specific period of time. It covers the services like, courier,dovecot,exim,pure-tpd,cpaneld,webmaild,whostmgrd,sshd and cppop. In “cphulkd” database,there are separet tables for each service.

cPHulk stores failed login attempts in a database. This is useful for determining problem IP addresses that may need to be blocked from accessing your server altogether.

If you want to enable cPHulk protection in WHM, you will have to disable the “UseDNS” option in sshd_config.

To enable the cPHulk protection, Login to WHM,

Main >> Security Center >> cPHulk Brute Force Protection and enable/disable it there.

You can configure the settings there. One of the common mistakes when enabling cphulkd on your cpanel/whm is not to add your local ip to the whitelist first which locks you out of your own cpanel/whm. You can whitelist your own IP in White/Black List Management.

However, the database “cphulkd”, may need to be cleared from time to time. You can clear the database by clicking “Flush DB” option available in cPHulk Brute Force Protection menu in WHM or on CLI use following command,

# echo "delete from brutes; delete from logins;" | mysql cphulkd

Try to login now.

“cPanel & WHM Update Blocks” error on the main page of WHM when we login to WHM

This issue is caused due to expired cpanel license or the corrupted license file.

It can be resolved by moving /var/cpanel/update_blocks.config and resynchronizing the cPanel license with /usr/local/cpanel/cpkeyclt.

# mv /var/cpanel/update_blocks.config /var/cpanel/update_blocks.config.bk

# /usr/local/cpanel/cpkeyclt

If its still the same, try to disable the CSF firewall by

# csf -x

and then resynchronizing the cPanel license.

database error for horde and roundecube

Sometimes you may face the following errors in webmail.

horde : A fatal error has occurredDB Error: connect failed

roundcube: DATABASE ERROR: CONNECTION FAILED!Unable to connect to the database!

Most probably, its an issue with the databases associated with horde and roundcube, so please check related error logs by

# vi /var/cpanel/horde/log/horde_0.log

Press Shift+G and check the error at bottom.

Feb 27 03:16:06 HORDE [emergency] [horde] DB Error: connect failed:  [nativecode=Access denied for user ‘horde’@’localhost’ (using password: YES)] ** mysql(mysql)://horde:[email protected]+localhost:3306/horde?persistent=1&charset=utf-8&ssl=1&splitread= [pid 18142 on line 398 of “/usr/local/cpanel/base/horde/lib/Horde/Perms/sql.php”]

# vi /var/cpanel/roundcube/log/errors

Press Shift+G and check the error at bottom.

[27-Feb-2012 03:15:09 +0000]: DB Error: _doConnect: [Error message: Access denied for user ’roundcube’@’localhost’ (using password: YES)]
[Native code: 1045]
[Native message: Access denied for user ’roundcube’@’localhost’ (using password: YES)]
** mysql(mysql)://roundcube:[email protected]/roundcube in /usr/local/cpanel/base/3rdparty/roundcube/program/include/rcube_mdb2.php on line 102 (GET /cpsess7853727673/3rdparty/roundcube/index.php)

The issue can be resolved by forced update

# /usr/local/cpanel/bin/update-horde –force
# /usr/local/cpanel/bin/update-roundcube –force

Once update completed, check the webmail.

You are done!

Plesk default config and logs files

The exact value of path variables can be known from /etc/psa/psa.conf file on Parallels Plesk Panel server. Below is example of /etc/psa/psa.conf file:

# Plesk tree

PRODUCT_ROOT_D /usr/local/psa

# Directory of SysV-like Plesk initscripts

PRODUCT_RC_D /etc/init.d

# Directory for config files

PRODUCT_ETC_D /usr/local/psa/etc

# Virtual hosts directory

HTTPD_VHOSTS_D /var/www/vhosts

# Apache configuration files directory

HTTPD_CONF_D /etc/httpd/conf

# Apache include files directory

HTTPD_INCLUDE_D /etc/httpd/conf.d

# Apache binary files directory

HTTPD_BIN_D /usr/bin

#Apache log files directory

HTTPD_LOG_D /var/log/httpd

#apache startup script


# Qmail directory

QMAIL_ROOT_D /var/qmail

# Location of qmail maildirs

QMAIL_MAILNAMES_D /var/qmail/mailnames

# Path to rblsmtpd

RBLSMTPD /usr/sbin/rblsmtpd

# Courier-IMAP


# Proftpd

FTPD_CONF /etc/proftpd.conf

FTPD_CONF_INC /etc/proftpd.include

FTPD_BIN_D /usr/bin

FTPD_VAR_D /var/run/proftpd

FTPD_SCOREBOARD /var/run/proftpd/scoreboard

# Bind

NAMED_RUN_ROOT_D /var/named/run-root

# Webalizer

WEB_STAT /usr/bin/webalizer

# Logrotate

LOGROTATE /usr/local/psa/logrotate/sbin/logrotate


MYSQL_VAR_D /var/lib/mysql

MYSQL_BIN_D /usr/bin

# PostgreSQL

PGSQL_DATA_D /var/lib/pgsql/data

PGSQL_BIN_D /usr/bin

# Backups directory

DUMP_D /var/lib/psa/dumps

# Mailman directories

MAILMAN_ROOT_D /usr/lib/mailman

MAILMAN_VAR_D /var/lib/mailman

# Python binary

PYTHON_BIN /usr/bin/python2.4

# Tomcat root directory

CATALINA_HOME /usr/share/tomcat5

# DrWeb

DRWEB_ROOT_D /opt/drweb

DRWEB_ETC_D /etc/drweb

# GnuPG binary

GPG_BIN /usr/bin/gpg

# Tar binary

TAR_BIN /bin/tar

# Curl certificates

CURL_CA_BUNDLE_FILE /usr/share/curl/curl-ca-bundle.crt

# AWStats

AWSTATS_ETC_D /etc/awstats

AWSTATS_BIN_D /var/www/cgi-bin/awstats

AWSTATS_TOOLS_D /usr/share/awstats

AWSTATS_DOC_D /var/www/html/awstats

# openssl binary

OPENSSL_BIN /usr/bin/openssl

LIB_SSL_PATH /lib/libssl.so.5

LIB_CRYPTO_PATH /lib/libcrypto.so.5

CLIENT_PHP_BIN /usr/local/psa/bin/php-cli


32bit or 64bit system check

To get the details, you can use following commands

# uname -a
# uname -i
# uname -m
# uname -p
# grep flags /proc/cpuinfo
# file /usr/bin/file
# cat /proc/cpuinfo
# getconf LONG_BIT

x86_64 GNU/Linux indicates that you’ve a 64bit Linux kernel running. If you use see i386/i486/i586/i686 it is a 32 bit kernel.

How to check if suexec enabled or not

You can use following steps to check the server for suexec

1) Login into you server as root and fire following command

#/usr/local/cpanel/bin/rebuild_phpconf --current

If server is Suexec then result would look like


PHP4 SAPI: suphp

PHP5 SAPI: suphp

SUEXEC: enabled

2) If you are not sure about Shell then you can also check the SuExec is enabled or not? from your WHM.Lgin into your WHM and in the menu find Configure PHP and SuExec

Check the drop down box for “PHP 4/5 Handler” – and if beside that it says “suPHP” – Then your sever is SuExec enabled

3) If you don’t have root access, you can create a php file (test.php) in your account from cPanel >> File Manager and change the permissions on that file to 777 and open it in a browser. If it gives 500 Internal Server Error, your most probably running suPHP.

4)As well as you can also create the phpinfo page in your account from your cPanel >> File manager For ex. phpinfo.php with the following code;

<? phpinfo() ?>

After creating phpinfo.php page browse it http://yourdomainname.com/phpinfo.php and if it shows

Server API = Apache then server is not running PHP in Suexec mode

And if

Server API = CGI the server is running PHP in Suexec mode.

Yum installation on a cPanel VPS

The OS template used for a cPanel VPS doesn’t include yum, you need to install it manually.

You can install Yum on Linux centOS 5.x 32 Bit server by installing following RPMS.

# rpm -ivh http://mirror.centos.org/centos/5/os/i386/CentOS/python-elementtree-1.2.6-5.i386.rpm

# rpm -ivh http://mirror.centos.org/centos/5/os/i386/CentOS/python-iniparse-0.2.3-4.el5.noarch.rpm

# rpm -ivh http://mirror.centos.org/centos/5/os/i386/CentOS/python-sqlite-1.1.7-1.2.1.i386.rpm

# rpm -ivh http://mirror.centos.org/centos/5/os/i386/CentOS/python-urlgrabber-3.1.0-6.el5.noarch.rpm

# rpm -ivh http://mirror.centos.org/centos/5/os/i386/CentOS/m2crypto-0.16-6.el5.8.i386.rpm

# rpm -ivh http://mirror.centos.org/centos/5/os/i386/CentOS/python-urlgrabber-3.1.0-6.el5.noarch.rpm

# rpm -ivh http://mirror.centos.org/centos/5/os/i386/CentOS/yum-metadata-parser-1.1.2-3.el5.centos.i386.rpm

# rpm -ivh http://mirror.centos.org/centos/5/os/i386/CentOS/yum-fastestmirror-1.1.16-14.el5.centos.1.noarch.rpm –nodeps

# rpm -ivh http://mirror.centos.org/centos/5/os/i386/CentOS/yum-3.2.22-33.el5.centos.noarch.rpm

After all RPMs installd, run

# yum update

That’s it!

The skeleton directory in a cPanel server

The skeleton directory, is a feature available in Web Host Manager (WHM), the control panel that comes with reseller account on cPanel servers. This directory is used as a template, or skeleton, for new cPanel accounts. Anything placed in the skeleton directory of the reseller account is automatically copied to the home directory of any new cPanel account created by that reseller.

For example if, in the skeleton directory, you create a /public_html directory include an index.html file, each new cPanel account you create will have a copy of that index.html in their public_html directory.

To know your skeleton directory path:

Login to WHM

In the Account Functions menu, click on the “Skeleton Directory” link.

The path to your skeleton directory will be displayed, usually its something like,


where “username” is your main reseller account.

You could put information telling your clients how to begin modifying their cPanel account settings, uploading their own web pages, etc. Or in an index.php file, you could include more dynamic contents. Or you can welcome your clients by putting welcome texts or can put heading like that ******* site is proudly hosted by ********. Some include a page with steps for clients on how to begin configuring their accounts.

So when your client opens the website, he will see a default index page ie the page placed in skeleton directory. its good feature to add a default index page so that there will not be directory listing show for newly created accounts.

Enable slow query log in a cPanel/Linux server

To enable slow query log in cpanel server, you can use following steps.

Add following to following to /etc/my.cnf file on server.

# vi /etc/my.cnf


After that, do the following commands to create the file with the right ownership and file permissions

# touch /var/lib/mysql/slow.log

# chmod 660 /var/lib/mysql/slow.log

# chown mysql:mysql /var/lib/mysql/slow.log

Restart the mysql server and check the logs in /var/lib/mysql/slow.log.