ServerBuddies Support Blog

Enable passive mode for FTP in Plesk Panel

Log in as “root” to the server shell over SSH.

Edit your ProFTPD configuration file.

1. Issue the command vi /etc/proftpd.conf
2. Add the following lines anywhere within the [Global] section:

3. Save the file

Log in to Parallels Plesk Panel as “admin”, go to Modules > Firewall, and click Edit Firewall Configuration.

Click Add Custom Rule.

Specify the following:

1. Rule name
2. Direction: select Incoming.
3. Action: select Allow.
4. Ports: in the Add port input box, enter the value 49152-65534. Leave the TCP option selected, and click Add.
5. Click OK.
6. Click Activate, and then click Activate again.

Disable ICMP Redirect and Enable IP Spoofing Protection

ICMP redirects are used by routers to tell the server that there is a better path to other networks than the one chosen by the server.

However, an intruder could potentially use ICMP redirect packets to alter the hosts’s routing table by causing traffic to use a path you didn’t intend.

To disable ICMP Redirect Acceptance, edit the /etc/sysctl.conf file and add the following line:

# Do not accept ICMP redirects (prevent MITM attacks)

Enable IP Spoofing Protection

IP spoofing is a technique where an intruder sends out packets which claim to be from another host by manipulating the source address. IP spoofing is very often used for denial of service attacks.

To enable IP Spoofing Protection, turn on Source Address Verification.

Edit the /etc/sysctl.conf file and add the following line:

To allow anonymous users to upload, it is recommended that a write-only directory be created within /var/ftp/pub/.

To do this, type:

Next change the permissions so that anonymous users cannot see what is within the directory by typing:

A long format listing of the directory should look like this:

Additionally, under vsftpd, add the following line to the /etc/vsftpd/vsftpd.conf file:

Because FTP passes unencrypted usernames and passwords over insecure networks for authentication, it is a good idea to deny system users access to the server from their user accounts.

To disable user accounts in vsftpd, add the following directive to /etc/vsftpd/vsftpd.conf:

Unable to enable sendmail in Virtuzzo Power Panel (VZPP)

The exact issue :

Unable to enable sendmail using “Virtuzzo -> system services -> xinetd (tab) -> sendmail” section.

This is mainly occurring due to one entry /etc/xinetd.d/sendmail file. In order to fix this issue, do the following:

Modify :
service smtp
{
disable=yes
socket_type = stream
protocol = tcp
wait = no
user = root
group = root
server = /usr/sbin/sendmail
server_args = -bs -Am
nice = 5
instances = 10
}

Modify it to :

service smtp
{
disable=no
socket_type = stream
protocol = tcp
wait = no
user = root
group = root
server = /usr/sbin/sendmail
server_args = -bs -Am
nice = 5
instances = 10
}

restart the xinetd using:

Verify the sendmail status using “Virtuzzo -> system services -> xinetd (tab) -> sendmail”. You can see that the status of sendmail now changed to “enabled”.

How to enable runkit PHP extension

Installing runkit PHP extension.

After running the make command you will get the following error.

Fix is as follows

To:

Again continue with the installation steps.

Edit the loaded PHP configuration file ( here /usr/local/lib/php.ini ) and add the following line.

You can verify the runkit extension by