Search found 435 matches
- Fri May 05, 2017 9:59 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Firewall config for Explicit FTP over TLS
- Replies: 2
- Views: 11547
Re: Firewall config for Explicit FTP over TLS
For passive FTP connections the server needs to open extra ports. This is normally done automatically on the fly by the ftp_conntrack firewall module. However, when FTP traffic is encrypted, it is impossible for the firewall to track the FTP connection. Thus, if you want to be able to use encrypted ...
- Thu Mar 02, 2017 5:01 am
- Forum: Help with other free stuff
- Topic: High cpu issue (need your advice, please)
- Replies: 3
- Views: 17960
Re: High cpu issue (need your advice, please)
A relatively high amount of Apache threads are busy in "Logging" state. Check your disk load, this may be the bottleneck.
- Tue Jan 17, 2017 9:27 am
- Forum: PHP Help and Discussion
- Topic: running exec
- Replies: 2
- Views: 14272
Re: running exec
How is this possible? I realise the somefile_cgi is world executable. But how is ftpuser able to run "exec"? Shell access is disabled for this user. I've checked /etc/passwd and the shell is /bin/false for the particular ftpuser. This only prevents the user from being able to login to a s...
- Fri Dec 09, 2016 3:31 am
- Forum: PHP Help and Discussion
- Topic: Upgrade PHP from 5.4.45 to 5.6.x: anything to look out for?
- Replies: 4
- Views: 14985
Re: Upgrade PHP from 5.4.45 to 5.6.x: anything to look out f
For long term support you may want to use the CentOS 7 stock PHP 5.4.16 packages.
PHP 5.4 itself has been end-of-life for over a year now. You may be having installed an unsupported and vulnerable version of PHP on your server.
PHP 5.4 itself has been end-of-life for over a year now. You may be having installed an unsupported and vulnerable version of PHP on your server.
- Tue Dec 06, 2016 1:14 pm
- Forum: Firewall Help and Discussion
- Topic: Immediate drop
- Replies: 12
- Views: 20918
Re: Immediate drop
What are your concerns exactly?
- Tue Dec 06, 2016 9:40 am
- Forum: PHP Help and Discussion
- Topic: Upgrade PHP from 5.4.45 to 5.6.x: anything to look out for?
- Replies: 4
- Views: 14985
Re: Upgrade PHP from 5.4.45 to 5.6.x: anything to look out f
Never seen major issues with web applications when upgrading from 5.4 to 5.6. YMMV if you are hosting very old applications. Check your error logs.
Disclaimer: I've only used RH/CentOS SCL and Remi repositories for PHP 5.6.
Disclaimer: I've only used RH/CentOS SCL and Remi repositories for PHP 5.6.
- Mon Dec 05, 2016 8:59 am
- Forum: Firewall Help and Discussion
- Topic: Immediate drop
- Replies: 12
- Views: 20918
Re: Immediate drop
The package dsniff (in EPEL) provides a command called "tcpkill" which you can use to kill TCP connections. I think it is as simple as
Code: Select all
tcpkill host <offending-ip>
- Wed Nov 02, 2016 11:23 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Kernel Question
- Replies: 5
- Views: 6989
Re: Kernel Question
Kernel 3.2.69-82 is now available for EL5 platforms
- Tue Oct 25, 2016 7:50 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Kernel Question
- Replies: 5
- Views: 6989
Re: Kernel Question
The ASL kernels previous to 3.2.69-82 are vulnerable to CVE-2016-5195.
The 82-release specifically contains the patch that fixes this vulnerability.
The 82-release specifically contains the patch that fixes this vulnerability.
- Fri Oct 21, 2016 10:52 am
- Forum: Control Panel Support Help
- Topic: Safe to block 8880 with Plesk 12.5?
- Replies: 2
- Views: 9951
Re: Safe to block 8880 with Plesk 12.5?
We never allow access to tcp/8880, haven't seen any issues.
- Sun Oct 09, 2016 4:42 am
- Forum: Control Panel Support Help
- Topic: ip filering port 110 and 143 breaks watchdog
- Replies: 2
- Views: 10011
Re: ip filering port 110 and 143 breaks watchdog
Blocking these ports is a weird move that will most likely only cause more head aches, for you, and your clients. Modern mail clients with actually want to use ports 110 and 143 for STARTTLS. If you want to enforce TLS connections only, you can simply configure your mail server to require all client...
- Mon Oct 03, 2016 10:54 am
- Forum: Control Panel Support Help
- Topic: nginx, php-fpm and T_WAF in Plesk 12
- Replies: 12
- Views: 20094
Re: nginx, php-fpm and T_WAF in Plesk 12
Event is just one of the three Multi-Processing Modules ("MPM") available in Apache httpd 2.4. Event is much more efficient than Prefork, which is probably what you are using now. A major difference between Event and Prefork, is that one httpd process in Event runs with multiple threads th...
- Sun Jul 31, 2016 5:24 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Mount NFS volume on ASL system
- Replies: 2
- Views: 4659
Re: Mount NFS volume on ASL system
Is this enabled: http://wiki.atomicorp.com/wiki/index.php?title=ASL_Configuration#ALLOW_NFS Yes. But is this really necessary if you only want to mount a volume? And is the NFS kernel module loaded? No, it is not loaded in the ASL kernel. We are now loading it manually (via /etc/sysconfig/modules/m...
- Fri Jul 29, 2016 6:16 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Mount NFS volume on ASL system
- Replies: 2
- Views: 4659
Mount NFS volume on ASL system
It seems that the NFS kernel module is absent from the ASL kernel. How do we mount an NFS volume on a CentOS 6 system when using the ASL kernel?
Code: Select all
# mount /mnt/my-nfs-volume
mount.nfs: No such device
- Thu Jul 21, 2016 5:56 am
- Forum: Security Alerts
- Topic: httpoxy issue
- Replies: 5
- Views: 13362
Re: httpoxy issue
Thanks Nils. In Plesk 10.x, the fastcgi_params file does not exist (anywhere). Will creating one do any good? I don't know where the master config is to see if it looks for such a file if it exists. No, it will be pointless to create this file. I don't run any Plesk <12 machines anymore so I wouldn...