Search found 435 matches

by prupert
Fri May 05, 2017 9:59 am
Forum: Atomic Protector (formerly ASL)
Topic: Firewall config for Explicit FTP over TLS
Replies: 2
Views: 4173

Re: Firewall config for Explicit FTP over TLS

For passive FTP connections the server needs to open extra ports. This is normally done automatically on the fly by the ftp_conntrack firewall module. However, when FTP traffic is encrypted, it is impossible for the firewall to track the FTP connection. Thus, if you want to be able to use encrypted ...
by prupert
Thu Mar 02, 2017 5:01 am
Forum: Help with other free stuff
Topic: High cpu issue (need your advice, please)
Replies: 3
Views: 9957

Re: High cpu issue (need your advice, please)

A relatively high amount of Apache threads are busy in "Logging" state. Check your disk load, this may be the bottleneck.
by prupert
Tue Jan 17, 2017 9:27 am
Forum: PHP Help and Discussion
Topic: running exec
Replies: 2
Views: 6134

Re: running exec

How is this possible? I realise the somefile_cgi is world executable. But how is ftpuser able to run "exec"? Shell access is disabled for this user. I've checked /etc/passwd and the shell is /bin/false for the particular ftpuser. This only prevents the user from being able to login to a s...
by prupert
Fri Dec 09, 2016 3:31 am
Forum: PHP Help and Discussion
Topic: Upgrade PHP from 5.4.45 to 5.6.x: anything to look out for?
Replies: 4
Views: 6809

Re: Upgrade PHP from 5.4.45 to 5.6.x: anything to look out f

For long term support you may want to use the CentOS 7 stock PHP 5.4.16 packages.

PHP 5.4 itself has been end-of-life for over a year now. You may be having installed an unsupported and vulnerable version of PHP on your server.
by prupert
Tue Dec 06, 2016 1:14 pm
Forum: Firewall Help and Discussion
Topic: Immediate drop
Replies: 12
Views: 10704

Re: Immediate drop

What are your concerns exactly?
by prupert
Tue Dec 06, 2016 9:40 am
Forum: PHP Help and Discussion
Topic: Upgrade PHP from 5.4.45 to 5.6.x: anything to look out for?
Replies: 4
Views: 6809

Re: Upgrade PHP from 5.4.45 to 5.6.x: anything to look out f

Never seen major issues with web applications when upgrading from 5.4 to 5.6. YMMV if you are hosting very old applications. Check your error logs.

Disclaimer: I've only used RH/CentOS SCL and Remi repositories for PHP 5.6.
by prupert
Mon Dec 05, 2016 8:59 am
Forum: Firewall Help and Discussion
Topic: Immediate drop
Replies: 12
Views: 10704

Re: Immediate drop

The package dsniff (in EPEL) provides a command called "tcpkill" which you can use to kill TCP connections. I think it is as simple as

Code: Select all

tcpkill host <offending-ip>
by prupert
Wed Nov 02, 2016 11:23 am
Forum: Atomic Protector (formerly ASL)
Topic: Kernel Question
Replies: 5
Views: 4436

Re: Kernel Question

Kernel 3.2.69-82 is now available for EL5 platforms
by prupert
Tue Oct 25, 2016 7:50 pm
Forum: Atomic Protector (formerly ASL)
Topic: Kernel Question
Replies: 5
Views: 4436

Re: Kernel Question

The ASL kernels previous to 3.2.69-82 are vulnerable to CVE-2016-5195.
The 82-release specifically contains the patch that fixes this vulnerability.
by prupert
Fri Oct 21, 2016 10:52 am
Forum: Control Panel Support Help
Topic: Safe to block 8880 with Plesk 12.5?
Replies: 2
Views: 3684

Re: Safe to block 8880 with Plesk 12.5?

We never allow access to tcp/8880, haven't seen any issues.
by prupert
Sun Oct 09, 2016 4:42 am
Forum: Control Panel Support Help
Topic: ip filering port 110 and 143 breaks watchdog
Replies: 2
Views: 3751

Re: ip filering port 110 and 143 breaks watchdog

Blocking these ports is a weird move that will most likely only cause more head aches, for you, and your clients. Modern mail clients with actually want to use ports 110 and 143 for STARTTLS. If you want to enforce TLS connections only, you can simply configure your mail server to require all client...
by prupert
Mon Oct 03, 2016 10:54 am
Forum: Control Panel Support Help
Topic: nginx, php-fpm and T_WAF in Plesk 12
Replies: 12
Views: 10600

Re: nginx, php-fpm and T_WAF in Plesk 12

Event is just one of the three Multi-Processing Modules ("MPM") available in Apache httpd 2.4. Event is much more efficient than Prefork, which is probably what you are using now. A major difference between Event and Prefork, is that one httpd process in Event runs with multiple threads th...
by prupert
Sun Jul 31, 2016 5:24 am
Forum: Atomic Protector (formerly ASL)
Topic: Mount NFS volume on ASL system
Replies: 2
Views: 2948

Re: Mount NFS volume on ASL system

Is this enabled: http://wiki.atomicorp.com/wiki/index.php?title=ASL_Configuration#ALLOW_NFS Yes. But is this really necessary if you only want to mount a volume? And is the NFS kernel module loaded? No, it is not loaded in the ASL kernel. We are now loading it manually (via /etc/sysconfig/modules/m...
by prupert
Fri Jul 29, 2016 6:16 am
Forum: Atomic Protector (formerly ASL)
Topic: Mount NFS volume on ASL system
Replies: 2
Views: 2948

Mount NFS volume on ASL system

It seems that the NFS kernel module is absent from the ASL kernel. How do we mount an NFS volume on a CentOS 6 system when using the ASL kernel?

Code: Select all

# mount /mnt/my-nfs-volume
mount.nfs: No such device
by prupert
Thu Jul 21, 2016 5:56 am
Forum: Security Alerts
Topic: httpoxy issue
Replies: 5
Views: 5705

Re: httpoxy issue

Thanks Nils. In Plesk 10.x, the fastcgi_params file does not exist (anywhere). Will creating one do any good? I don't know where the master config is to see if it looks for such a file if it exists. No, it will be pointless to create this file. I don't run any Plesk <12 machines anymore so I wouldn...