Helpdesk Support

Official Supportmonk Company Blog!

How to upgrade Mysql 5.1 to 5.4 and phpmyadmin on Zpanel?

August 9, 2016 , 6:27 pm

Here are the steps to upgrade MySQL.

1. Login to your server as root
2. cd /etc/yum.repos.d
3. wget
4. yum --enablerepo=remi update mysql-server
5. mysql_upgrade -u root -p
6. cd /etc/zpanel/panel/etc/apps
7. Rename the existing phpmyadmin folder and create a new folder.
    mv phpmyadmin phpmyadmin_old
    mkdir phpmyadmin
8. Download phpMyAdmin to your desktop
9. Login to WinSCP and access /etc/zpanel/panel/etc/apps/phpmyadmin then upload all files
10. Copy the file from phpmyadmin_old to phpmyadmin folder and delete the old folder.

Critical glibc buffer overflow vulnerability in getaddrinfo() on Linux

February 17, 2016 , 3:58 pm

After the “Ghost” vulnerability (CVE-2015-0235), it’s time for a new DNS-based remote code execution vulnerability. This one was discovered by the Google Security Team and Red Hat.

We can divide this “Critical glibc buffer overflow vulnerability” into two:

1. CVE-2015-7547
2. CVE-2015-5229

All versions of glibc since 2.9 are affected by this attack. You can get rid of this vulnerability by updating glibc.

Vulnerability in detail


A stack-based buffer overflow was found in libresolv in the code which performs dual A/AAAA DNS queries. A remote attacker could create specially crafted DNS responses which could cause libresolv to crash or potentially execute code with the permissions of the user running the library. The buffer overflow occurs in the function send_dg (for UDP queries) and send_vc (for TCP queries) in libresolv. The issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)

It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. (CVE-2015-5229)


Affected Products


All versions of the glibc package included with Red Hat Enterprise Linux 6 and 7 were affected by this flaw.

Red Hat Enterprise Linux 6 & CentOS 6      : RHSA-2016:0175-1
Red Hat Enterprise Linux 7 & CentOS 7      : RHSA-2016:0176-1
Debian Squeeze, Wheezy, Jessie & Stretch   : CVE-2015-7547
Ubuntu 12.04 & 14.04                       : CVE-2015-7547


How does this vulnerability occur / possible ways of attack?


DNS requests are the root cause of this problem, i.e., if the DNS server responds with a maliciously crafted response, each of these DNS requests could trigger the exploit.

>>> SSH logins                 : On each SSH login, reverse DNS lookups are performed.
>>> Mail servers               : Every incoming connection is checked for reverse DNS, DNS blacklists, SPF records, …
>>> Curl requests on a server  : If an application allows user input that triggers HTTP(S) fetches, this could trigger the exploit.

How to patch server?


If you are using Red Hat Enterprise Linux, you can update glibc via yum using the readily available packages.

If the package is available, run the following:

    $ yum clean all
    $ yum update glibc

After the update, you should reboot the system or restart all the public-facing services.

In case you are unable to restart the entire system after applying the update, execute the following command to list all running processes still using the old [in-memory] version of glibc on your system.

    lsof +c0 -d DEL | awk 'NR==1 || /libc-/ {print $2,$1,$4,$NF}' | column -t

From the resulting list, identify the public-facing services and restart them.
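
An alternative to the lsof pipeline above for hosts where lsof is not installed, as an added example that is not part of the original post: it reads /proc/<pid>/maps directly and prints the PID and command name of every process that still maps a replaced libc. The function name and its optional proc-root argument are assumptions, added so the check can also be pointed at a test tree.

```shell
#!/bin/sh
# Added example, not from the original post. stale_libc_procs and its
# optional proc-root argument are hypothetical names chosen for this example.

# Print "PID COMMAND" for each process whose address space still maps a
# libc file that has been replaced on disk (shown as "(deleted)" in maps).
stale_libc_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # unreadable, or the process is gone
        pid_dir=${maps%/maps}
        pid=${pid_dir##*/}
        # Matches libc-2.17.so and libc.so.6, but not libcrypto or libcap.
        if grep -Eq '/libc(-[0-9.]+)?\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            name=$(cat "$pid_dir/comm" 2>/dev/null) || name='?'
            printf '%s %s\n' "$pid" "$name"
        fi
    done | sort -n
}

# Scan the live system only when asked to: sh stale_libc.sh --scan
if [ "${1:-}" = "--scan" ]; then
    stale_libc_procs /proc
fi
```

Run it as root, otherwise the maps files of other users' processes are unreadable and those processes are silently skipped.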

For Red Hat Enterprise Linux 7 and CentOS 7: you can patch the server by reloading systemd after the glibc update.

    $ systemctl daemon-reexec

OpenSSH client bug CVE-2016-0777 – Security Update Issued

January 15, 2016 , 5:25 pm

A critical flaw has been identified in the OpenSSH client that could lead to serious security implications.

How to fix?
Add the option ‘UseRoaming no’ to your /etc/ssh/ssh_config file, or start your ssh client with -oUseRoaming=no included on the ssh command line.

i.e.,

    echo 'UseRoaming no' >> /etc/ssh/ssh_config
    sudo sh -c 'echo UseRoaming \"no\" >> /etc/ssh/ssh_config'

It’s being reported that this affects only CentOS 7 servers, and they can update OpenSSH using yum.

    # yum update openssh
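
Appending to /etc/ssh/ssh_config places the option after the last Host block in the file, and ssh applies options that follow a Host line only to that host, keeping the first value it obtains for each option. The check below, an added example that is not part of the original post (function names are hypothetical), reports whether UseRoaming no is effective for every host and, if not, writes it as the first line of the file.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Report how UseRoaming resolves in an ssh_config file:
#   disabled     - "UseRoaming no" applies to every host
#   host-only    - "no" is set, but only inside a Host/Match block
#   not-disabled - unset, or "yes" is obtained first for at least one host
roaming_status() {
    awk '
    BEGIN { scope = "global" }
    {
        line = $0
        gsub(/[="]/, " ", line)                 # accept Key=value and quoted values
        gsub(/^[ \t]+|[ \t]+$/, "", line)
        if (line == "" || line ~ /^#/) next
        n = split(line, f, /[ \t]+/)
        key = tolower(f[1]); val = tolower(f[2])
        if (key == "host")  { scope = (n == 2 && val == "*")   ? "global" : "host"; next }
        if (key == "match") { scope = (n == 2 && val == "all") ? "global" : "host"; next }
        if (key != "useroaming") next
        if (scope == "global") { if (g_val == "") g_val = val }
        else if (g_val == "")  { if (val == "yes") host_yes = 1; else host_no = 1 }
    }
    END {
        if (g_val == "no" && !host_yes)                print "disabled"
        else if (g_val == "" && host_no && !host_yes)  print "host-only"
        else                                           print "not-disabled"
    }' "$1"
}

# Write the option as the first line, ahead of any Host block, unless it is
# already effective for every host. ssh keeps the first value it obtains.
ensure_roaming_disabled() {
    [ "$(roaming_status "$1")" = "disabled" ] && return 0
    tmp=$(mktemp) || return 1
    { echo 'UseRoaming no'; cat "$1"; } > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```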

Flash megaraid firmware

November 18, 2015 , 10:47 pm

In this article, I would like to discuss how to flash MegaRAID firmware. Here we need to upgrade megaraid-sas-9271-4i.

You can download the firmware from their website at

Download the exact firmware for your product version and unzip it. You can find the .rom files and readme files for that version.

[root@server ~]# wget

[root@server ~]# unzip


Using the following command, you can flash the firmware on your machine.

[root@server ~]# MegaCli -adpfwflash -f mr2208fw.rom -a0

To verify the firmware version, you can run the command given below.

[root@server ~]# MegaCli64 -AdpAllinfo -aAll

OpenVPN using PPTPD on OpenVZ

October 20, 2015 , 1:15 pm

Add PPP Kernel Support To OpenVZ Containers

On MainNode

1. Enabling PPP Kernel Modules On The Host

    modprobe tun
    modprobe ppp-compress-18
    modprobe ppp_mppe
    modprobe ppp_deflate
    modprobe ppp_async
    modprobe pppoatm
    modprobe ppp_generic

2. Get the CTID for the OpenVZ container and execute the following steps

    vzctl stop 101
    vzctl set 101 --features ppp:on --save
    vzctl start 101
    vzctl set 101 --devices c:108:0:rw --save
    vzctl exec 101 mknod /dev/ppp c 108 0
    vzctl exec 101 chmod 600 /dev/ppp

Install VPN using PPTPD

1. Install PPTPD

    yum install pppcd
    apt-get install pptpd
    cd /usr/local/src
    rpm -Uhv pptpd-1.3.4-2.rhel5.x86_64.rpm

2. Edit IP settings in /etc/pptpd.conf

    vi /etc/pptpd.conf

3. Add user account in /etc/ppp/chap-secrets

    vi /etc/ppp/chap-secrets
    user1 pptpd p@ss1 *
    user2 pptpd p@ss2 *

4. Optional settings in /etc/ppp/options.pptpd

    vi /etc/ppp/options.pptpd

5. Enable network forwarding in /etc/sysctl.conf

    vi /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    sysctl -p

6. Configure firewall

    iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
    iptables -A INPUT -i eth0 -p gre -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

    service iptables save
    service iptables restart

If you are using the CSF firewall, then configure the CSF firewall.

How to configure CSF firewall?

1. Create File

    vi /etc/csf/

    iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
    iptables -A INPUT -i eth0 -p gre -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

2. chmod 777 /etc/csf/

3. Create File

    vi /etc/csf/

    service pptpd stop
    service pptpd start

4. chmod 777 /etc/csf/

7. Restart CSF

8. Start VPN

    service pptpd restart
    chkconfig pptpd on

FTP upload scanner for cPanel servers

September 7, 2015 , 10:18 pm


Popular CMSs like WordPress and Joomla are notorious for being hacked. Since so many sites use them, they are constantly being searched for vulnerabilities, and malware code gets appended to the account. Older versions of scripts will sometimes have security vulnerabilities, so those scripts have to be updated. But in most cases we won’t be able to update the installed plugins, as it affects the layout of the site and might require some coding knowledge. So it’s always a good idea to set up proper auditing on these accounts.

Getting a malware scanner in place on your web/FTP server is something that needs to be done as a priority, pretty much as soon as the server is set up; as the proverb says, ‘Prevention is better than cure’. If you are on shared hosting then this will probably not be possible, as you don’t control what you can install on a global basis, but your host provider should provide some type of malware scanner solution.

If you are on a VPS or Dedicated Server plan then you certainly are in a position to set up your own solutions.

Here we discuss the steps to set up the custom FTP scan script, as we already have several methods to monitor web uploads, like modsecurity, cxs etc.

This is a custom script that integrates maldet (Linux Malware Detect) with the FTP service and provides real-time monitoring of FTP uploads. So every file upload will be scanned before it gets added to the user account.

Please note that this script needs to have maldet and proftp configured on your server.

Here is the installation script for the FTP upload scan


#!/bin/bash
# Staff address that receives the installation report; set before running.
staff_email=""

# Let the FTP daemon's group reach the maldet tree.
chown -R root.nobody /usr/local/maldetect
find /usr/local/maldetect -type f -exec chmod 775 {} ';'
find /usr/local/maldetect -type d -exec chmod 775 {} ';'

# This installer only handles pure-ftpd; stop if proftpd is configured.
if [ -f /etc/proftpd.conf ]; then
    echo "Pureftpd not running on `hostname`" | mail -s "WARNING proftpd running on `hostname`" $staff_email
    echo "Proftpd running on server"
    exit 1
else
    echo "Pureftpd running on server"
fi

# Back up the config, then enable the upload hook exactly once.
cp /etc/pure-ftpd.conf /etc/pure-ftpd.conf.`date +%F`
sed -i '/CallUploadScript/ d' /etc/pure-ftpd.conf
echo "CallUploadScript yes" >> /etc/pure-ftpd.conf

# Back up the init script, then fetch the replacement init script and the upload handler.
cp /etc/rc.d/init.d/pure-ftpd /etc/rc.d/init.d/pure-ftpd.`date +%F`
wget -O /etc/rc.d/init.d/pure-ftpd
wget -O /etc/pure-ftpd/

chmod 755 /etc/pure-ftpd/
chmod 755  /etc/rc.d/init.d/pure-ftpd

/etc/rc.d/init.d/pure-ftpd restart

# Confirm that pure-uploadscript is running and the handler is in place.
result=`ps ax |  grep  ""  | grep -v grep | grep -o pure-uploadscript | uniq`
if [[ "$result"  = "pure-uploadscript" && -f /etc/pure-ftpd/ ]]; then
    echo "SUCCESS `hostname` Pureftpd configured with maldet scan" | mail -s "SUCCESS `hostname` Pureftpd configured with maldet scan" $staff_email
else
    echo "CRITICAL: Failed to configure FTP scan `hostname`" | mail -s "CRITICAL: Failed to configure FTP scan on `hostname`" $staff_email
fi

You need to specify the staff mail to get the installation mail, and it will restart the FTP service with the new scan feature.

There is no need to initiate the upload check as it is already appended to the pureftp startup script.

Whenever a malware file is uploaded to the account through FTP, you will get a notification on the staff mail and the file will be quarantined.

That’s it!!


July 17, 2015 , 11:23 am

Htscanner is an Apache module which helps to specify PHP parameters via .htaccess for suphp handlers.

Requirements for installing htscanner
PHP version 5.2.0 or greater.

How to install Htscanner?
1. wget
2. tar -zxf htscanner-1.0.0.tgz
3. cd htscanner-1.0.0
4. phpize
5. ./configure --enable-htscanner --with-php-config=/usr/bin/php-config
6. make
7. make install
8. Collect the extension_dir from the “make install” output.
9. In php.ini add

    extension_dir = "/usr/lib/php/extensions/no-debug-non-zts-20060613//"
    extension = ""
    config_file = ".htaccess"

10. Add the following line in a .htaccess and check that it is working in a phpinfo page.

    php_value register_globals Off

11. Go to the unzipped package location
12. Make sure apache has mod_so

    /usr/local/apache/bin/httpd -l | grep mod_so.c

13. Then compile the module.

    /usr/local/apache/bin/apxs -c -a -i mod_htscanner2.c

14. Restart apache

    /usr/local/apache/bin/apachectl restart

15. Test the apache conf

    /usr/local/apache/bin/apachectl configtest

16. Update the apache parameters

    /usr/local/cpanel/bin/apache_conf_distiller --update

17. Search the in httpd.conf

    grep /usr/local/apache/conf/httpd.conf

18. Output

    LoadModule htscanner_module   modules/

CSF Messenger

July 17, 2015 , 10:48 am

CSF Messenger offers a web page to be displayed when a person is blocked in the firewall. The pages can be found at /etc/csf/messenger and can be changed.

In /etc/csf/csf.conf:

1. Set the MESSENGER option to 1.
2. Set the MESSENGER_USER option to something other than the default “csf” such as csfuser or something random.

In /etc/csf/messenger/index.html:

3. Replace the file contents with the following:

<title>Unauthorized Access</title>
<h1>Your connection to this server has been blocked by this server’s firewall.</h1>
<p>Please contact technical support and provide this information:</p>
<p>Your blocked IP address is <b>[IPADDRESS]</b></p>
<p>This server’s hostname is <b>HOSTNAME</b></p>

4. Change HOSTNAME to the short name for the server, for example “shared1”

In your terminal/shell:

5. Create the csf user you added in #2 above (useradd $username)
6. Set some random password for this csf user – we do not need this password for anything so no need to keep record.
7. Restart CSF (csf -r) to fully enable the messenger service.


July 15, 2015 , 5:11 pm

R1Soft is the backup software we commonly use. It provides Continuous Data Protection and disaster recovery for Linux and Windows servers. Here are the steps to configure and install the R1Soft server and agent.

Installing CDP server (On Backup Server):

We can install the CDP server using two methods: (1) using YUM and (2) using RPM. Here are the steps:

I) Using YUM:

1) Login to the backup server.
2) vi /etc/yum.repos.d/r1soft.repo
3) Insert the following text into the file and save the file:
    name=R1Soft Repository Server

4) yum install r1soft-cdp-enterprise-server (won’t work now since R1Soft changed its rpm names, so try the command below) OR
    yum install serverbackup-enterprise-server
5) Use the below command to get all the modules for R1Soft:
    r1soft-setup --get-module

II) Using RPM:

1) Login to the backup server.
2) Check whether any rpm for r1soft is installed on the server
    rpm -qa | grep r1soft
3) Check the server architecture and download the zip file.
4) Unzip the file.
    cd enterprise-rpm
5) Install all the rpm files.
    rpm -i *.rpm



Installation of Citrix Xen Server

July 15, 2015 , 3:17 pm

XenServer is a virtualization platform made by Citrix and based on Linux. It uses .VHD files to save its virtual hard disks. XenServer is the base operating system you install on your hardware.

Installing XenServer

1. First, burn your xenserver iso onto a CD. Put the CD in the drive of the server. Boot off the CD.
2. Press F12 or F9 at the post screen to get to a boot menu to boot off the CD.
3. Press ‘Enter’ to proceed past the screen.
4. Select the ‘Keyboard’ layout you use.
5. Press the tab key to go after the hard disk erase warning.
6. Press the Tab key to select the “Accept EULA” button, press Enter.
7. If you get a warning like “your system does not support the hardware assisted Virtualization” , verify your system has hardware virtualization enabled after checking with BIOS options.
8. Click the dialogue box again to proceed with the hard disk writing. At this point all data on the hard drive will be erased.
9. Press the tab key and press enter, then enter your desired root password twice and confirm it.

Configuring Network

10. The next screen shows you how to set up networking for your Xen server. We recommend you use a static IP address; however, DHCP also works. Press the arrow key on the keyboard to select static configuration.
11. Enter your IP address, subnet mask, Default Gateway.
12. After your networking information has been entered, press the Tab key until OK is highlighted, then press Enter.
13. The next screen will ask you about your DNS servers and hostname. Enter your DNS servers and desired hostname in the respective fields and press ‘OK’.

