Run the following commands as root on cPanel server.
Block :
whmapi1 suspend_outgoing_email user=USERNAME
Unblock :
whmapi1 unsuspend_outgoing_email user=USERNAME
November 8, 2019
How to block a cPanel user from sending spam/email
August 30, 2014
Backup cPanel accounts to DropBox
Notice : You need root access to cPanel server to be able to use this method.
DropBox is my favorite cloud space provider. Their recent price adjustment (1TB for $10/mo) has made using it a no brainer IMO. It is specially very good for backup purposes because it keeps different versions of your files without using any extra space. The retention period for free accounts is 30 days and for pro accounts is 1 year.
So lets say you take a backup of your website and upload it to DropBox everyday and size of your backup is 100MB. if you keep doing it for 1 year, in fact DropBox is keeping 365 x 100MB of your files which you can retrieve any of them while only 100MB of your space is used! it is crazy good, I know.
In order to be able to backup cPanel accounts directly to DropBox, first we need a method to upload files to DropBox from Linux command line. Fortunately there is a very good solution out there to do it : https://github.com/andreafabrizi/Dropbox-Uploader
Please refer to script documentation on how to install it on your server and link it to your DropBox account. it is fairly easy.
After you linked the script to your DropBox Account, move it to /usr/bin folder.
If you want to test it, run the following command and it should show your DropBox account info :
root@X:[~]: dropbox_uploader.sh info Dropbox Uploader v0.14 > Getting info... Name: X X UID: 012345 Email: email@domain.com Quota: 1021760 Mb Used: 2611 Mb Free: 1019148 Mb
Now create /usr/bin/backup2db with following content and make it executable :
#!/bin/bash for fn in $1; do /scripts/pkgacct $fn /usr/bin/dropbox_uploader.sh upload /home/cpmove-$fn.tar.gz /cpanel-backup/cpmove-$fn.tar.gz rm /home/cpmove-$fn.tar.gz done
Thats it ! We are good to go.
Command to backup cPanel account acct1 :
backup2db 'acct1'
It even support multiple account backup :
backup2db 'acct1 acct2 acct3'
If you need daily backups, you can put it in cron :
0 0 * * * /usr/bin/backup2db 'acct1 acct2 acct3' > /dev/null 2>&1
August 9, 2014
Block a cPanel account from sending out emails
If you have a compromised cPanel account which is used by spammers to send out spam emails, you can use the following trick to prevent the account from sending out any emails temporarily until you can fix the issue.
Edit “/etc/cpanel_exim_system_filter” and add the following ACL to the end of it.
Change USERNAME to compromised cPanel account.
if ( $received_protocol is "local" or $received_protocol is "esmtpa" ) and ( $h_Received contains "USERNAME" ) then seen finish endif
If you want to make the change permanent, you have to create a file in “/usr/local/cpanel/etc/exim/sysfilter/options” and put above rule in it.
May 9, 2014
Auto update Atomicorp mod_security rules script
Here is a very simple script, I have written for my own use to auto update mod_security rules from Atomicorp server. You can use cronjobs to automate the process.
Dont forget to put your Atomicorp subscription username and password in the script.
#!/bin/sh
USER=
PASS=
DIR=/var/cpanel
VER=`wget -q --user=$USER --password=$PASS http://updates.atomicorp.com/channels/rules/subscription/VERSION -O - | grep MODSEC_VERSION | sed -r 's/^.{15}//'`
FILE_NAME=modsec-$VER.tar.bz2
wget -q --user=$USER --password=$PASS http://updates.atomicorp.com/channels/rules/subscription/$FILE_NAME -O - | tar jxf - -C $DIR
/etc/init.d/httpd -k graceful
In this case, the script will install the rules in /var/cpanel/modsec directory and reload the server gracefully.
Apparently you should have the following in your modsec2.user.conf
Include "/var/cpanel/modsec/000000_asl_modreqtimeout.conf" Include "/var/cpanel/modsec/00_asl_0_global.conf" Include "/var/cpanel/modsec/00_asl_rbl.conf" Include "/var/cpanel/modsec/00_asl_z_antievasion.conf" Include "/var/cpanel/modsec/00_asl_zz_strict.conf" Include "/var/cpanel/modsec/01_asl_content.conf" Include "/var/cpanel/modsec/01_asl_rules_special.conf" Include "/var/cpanel/modsec/03_asl_dos.conf" Include "/var/cpanel/modsec/05_asl_exclude.conf" Include "/var/cpanel/modsec/05_asl_scanner.conf" Include "/var/cpanel/modsec/09_asl_rules.conf" Include "/var/cpanel/modsec/09_asl_rules_antievasion.conf" Include "/var/cpanel/modsec/10_asl_antimalware.conf" Include "/var/cpanel/modsec/10_asl_antimalware_output.conf" Include "/var/cpanel/modsec/10_asl_rules.conf" Include "/var/cpanel/modsec/11_asl_adv_rules.conf" Include "/var/cpanel/modsec/11_asl_data_loss.conf" Include "/var/cpanel/modsec/11_asl_rules.conf" Include "/var/cpanel/modsec/12_asl_brute.conf" Include "/var/cpanel/modsec/20_asl_useragents.conf" Include "/var/cpanel/modsec/30_asl_antimalware.conf" Include "/var/cpanel/modsec/30_asl_antispam.conf" Include "/var/cpanel/modsec/30_asl_antispam_referrer.conf" Include "/var/cpanel/modsec/31_asl_urispam.conf" Include "/var/cpanel/modsec/40_asl_apache2-rules.conf" Include "/var/cpanel/modsec/50_asl_rootkits.conf" Include "/var/cpanel/modsec/51_asl_rootkits.conf" Include "/var/cpanel/modsec/60_asl_recons.conf" Include "/var/cpanel/modsec/61_asl_recons_dlp.conf" Include "/var/cpanel/modsec/98_asl_adv_redactor.conf" Include "/var/cpanel/modsec/98_asl_jitp.conf" Include "/var/cpanel/modsec/99_asl_a_redactor.conf" Include "/var/cpanel/modsec/99_asl_exclude.conf" Include "/var/cpanel/modsec/99_asl_jitp.conf" Include "/var/cpanel/modsec/99_asl_redactor.conf" Include "/var/cpanel/modsec/99_asl_redactor_post.conf"
June 4, 2010
Protect Apache against Dos/DDos attacks using mod_evasive
mod_evasive is a module for Apache (both 1.3 and 2.0) giving Apache the ability to detect and fend off request-based DoS/DDoS attacks and brute-force attacks conserving your system resources and bandwidth. This tool can be configured to report abusers and even talk to network gear (such as a firewall or ipchains).
in this article we explain how to install mod_evasive on Apache 2 :
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz tar zxvf mod_evasive_1.10.1.tar.gz cd mod_evasive /usr/local/apache/bin/apxs -cia mod_evasive20.c
next step is to add the required configuration to the Apache config file , we can add this directly to the end of httpd.conf file but the problem is that if we do this , the httpd.conf will be overwritten by easyapache so we will use include files to add our config.
login into your WHM panel , and follow the following menu items :
Main >> Service Configuration >> Apache Configuration >> Include Editor
on the Pre Main Include section , choose All Versions from drop down menu and add the following config into it :
<IfModule mod_evasive20.c> DOSHashTableSize 3097 DOSPageCount 5 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 600 </IfModule>
then click on update and restart Apache server.
September 19, 2009
cPanel/WHM max emails each domain can send per hour
if you want to limit all domains globally , login into your WHM control panel. then go to Server Configuration –> Tweak Settings.
in the Mail section , you will find this setting :
The maximum each domain can send out per hour (0 is unlimited)
set it to any number that you want and click on Save.
but if you want to set the limit for each domain individually , edit /var/cpanel/maxemails :
nano /var/cpanel/maxemails
and add the following line into it ( replace domain.com and 100 with your domain name and limit number ) :
domain.com=100
then execute the following command :
/scripts/build_maxemails_config
July 14, 2009
Limit Connections per IP using mod_limitipconn on cPanel
one of the problems I had on one of my cPanel servers was that some people were using download managers to download files from server , so hundreds of connections were being ESTABLISHED to Apache and it was becoming like a dos attack and causing Apache to become non responsive.
so here is what I did to limit connections per IP in a cPanel hosting server :
there is an Apache module named mod_limitipconn which will take care of it for us.
first download the latest version of mod_limitipconn from this site : http://dominia.org/djao/limitipconn2.html
decompress and install it.
at current time the latest version is 0.23.
wget http://dominia.org/djao/limit/mod_limitipconn-0.23.tar.bz2 tar jxvf mod_limitipconn-0.23.tar.bz2 cd mod_limitipconn-0.23 /usr/local/apache/bin/apxs -cia mod_limitipconn.c
next step is to add the required configuration to the Apache config file , we can add this directly to the end of httpd.conf file but the problem is that if we do this , the httpd.conf will be overwritten by easyapache so we will use include files to add our config.
login into your WHM panel , and follow the following menu items :
Main >> Service Configuration >> Apache Configuration >> Include Editor
on the Post VirtualHost Include section , choose All Versions from drop down menu and add the following config into it :
<IfModule mod_limitipconn.c> <Location /> MaxConnPerIP 10 NoIPLimit images/* </Location> </IfModule>
then click on update and restart Apache server.
now We are all set 🙂
May 12, 2009
Secure Your WebServer by Disabling Dangerous PHP Functions
In order to secure your web server you need to disable some php functions which may be used to hack your server.
open your php.ini file and search for “disable_functions” then replace it with following directive :
disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode"
after this step you need to restart apache server.
if you have cPanel installed on your server , you need to run the following command from SSH for cPanel work properly :
/scripts/makecpphp
it will make another instance of PHP for internal cPanel/WHM use.
May 11, 2009
How to redirect mail.domain.com to roundcube using mod_rewrite
This only works only if you have a dedicated IP on your cPanel account
Many people are having problems accessing cPanel mail clients , entering mail client from cPanel takes a lot of times and memorizing the URL which is located on “http://domain.com:2095/3rdparty/roundcube/index.php” is not easy, also it is very long.
after some research, I found an excellent solution to solve this problem one time forever and for all addon domains !
cPanel makes a CNAME entry for mail.maindomain.com and all mail.addondomains.com to maindomain.com automatically , we will use it to do the trick.
create .htaccess file in the root directory of your main domain ( /public_html folder ) and copy and paste the following code into it :
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{http_host} ^mail\.(.*)\.com$ [NC]
RewriteRule ^(.*)$ http://%1.com:2095/3rdparty/roundcube/index.php [R=301,NC,L]
it will redirect mail.maindomain.com and all of mail.addondomains.com to http://domain.com:2095/3rdparty/roundcube/index.php