ServerBuddies Support Blog

Adding SPF records for a user via SSH in Cpanel servers

SPF (Sender Policy Framework): A feature that allows a recipient server to verify that an email message has really been sent from the domain specified in the From: field. Enabling SPF can prevent your server from receiving replies to spam that has forged your domain name as part of the sender’s address. SPF only works if both the sending and receiving mail servers have SPF enabled.

Login to your cpanel server as root user.

Disabling SSH Login for root user

Below are instructions for disabling the root user and allowing another user to assume the root users permissions. This adds another layer of security because an additional username and password must now be entered before gaining the root user privileges.

Before you disable root logins you should add an administrative user that can ssh into the server and become root with su.

In the following example we are using buddy for the username, but can be replaced with any username you wish to use.

Set the password for the buddy user. When prompted type and then retype the password.

SSH to the server with the new admin user and ensure that the login works.
Verify that you can su (switch user) to root with the admin user.

Edit /etc/ssh/sshd_config with your favorite text editor.

Change this line:

to this:

Ensure that you are logged into the box with another shell before restarting sshd to avoid locking yourself out of the server.

Run PHP as user instead of as the web server user nobody.

suPHP is a tool for executing PHP scripts with the permissions of their owners.

It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.

You can run PHP as the user (like CGI scripts do with Apache’s suEXEC), with EasyApache’s PHP As User option. This will enable suPHP, greatly improving the permissions situation.

Vulnerable scripts will be limited to the user in question, and are less likely to affect other users. It also changes how PHP interacts with Apache; for example, directives like php_$value are not valid for mod_suphp.

mod_suphp is considerably slower than mod_php.

PHP runs as part of the web server so that, among other things, certain tasks can be done once and held in memory instead of repeated with each request. This helps to speed the server’s performance, and requires that PHP run as the web server’s user “nobody.”

Since that is the case, PHP and directory permissions generally need to be very loose, so PHP can manipulate things. This can allow any user to employ a PHP script to read and write other users’ data. At times, a flaw in PHP can even allow a PHP script to gain root access or take over data in requests on other users’ PHP scripts.

Reference : http://www.suphp.org/
: http://cpanel.net/

How to enable access from all machines for mysql user.

To create a user who has access from all machines in a given domain (for example, serverbuddies.com), you can use the “%” wildcard character in the host part of the account name:

To do the same thing by modifying the grant tables directly, do this:

Transferring User Accounts, Domain Names and Web Sites to Plesk Panel

You can transfer data (user accounts, settings, Web sites and e-mail) to your Parallels Plesk Panel from other hosting servers managed by earlier versions of Parallels Plesk Panel or other Web hosting software.

Data transfers from Windows-based servers to Linux/Unix-based servers are not supported by the Migration Manager function available from the Parallels Plesk Panel; however, you can transfer data from a Windows-based server to a Linux/Unix-based server by backing up data on a source server and then restoring them on the destination server using the command line backup and restore utilities.

Go to Home > Migration Manager (in the Help & Support group).
To check if there are any updates for Migration Manager components, click Synchronize. These updates may include files of migration agents that enable support for transferring data from hosting platforms other than Parallels Plesk Panel.

Click Start New Migration.
Leave the Transfer data from another server option selected, and specify the following options:

The source server’s address. Specify either the IP address or the host name of the server, from which you want to transfer data.
The login name and password used for logging in to the source server.

Select the type of operating system running on the source host. (This option is available if you are using Parallels Plesk Panel 9 for Windows hosting platform.)
Specify the path to the directory where temporary files will be stored.

Specify whether you want to transfer all data related to user accounts and domains from the source server, or only specific items.

Select the data compression option, if you pay per the amount of transferred data, or if you want to save bandwidth. Data compression saves bandwidth, but consumes more disk space.
Click Next>>. The migration manager will connect to the specified server and gather information about the business objects of the source hosting platform.

If you are transferring data from hosting platforms other than Parallels Plesk Panel, select the version of the migration agent that must be used and then click Next >>. Parallels Plesk Panel automatically selects the appropriate agent version; however, if data transfer fails, you can try selecting another version of migration agent.

Source : parallels.com/Plesk/