Restore cPanel Backup to DirectAdmin Server

Posted by: Chris  :  Category: DirectAdmin, Linux Tips

Some random notes on cP to DA restore

  • cPanel user account must be owned by root when you create the backup on the cPanel server.
  • When using the “Personal” version of DA, the admin user must be changed to match the user of the cPanel account you are trying to restore, as this version only allows a single account.
  • On the DA server, change the default “admin” username to the USERNAME of the backup.

cd /usr/local/directadmin/scripts
./ admin USERNAME 

Edit /usr/local/directadmin/data/users/USERNAME/user.conf

Change creator, name and username to the backups USERNAME

Restore the cPanel backup per –

This will fail (and its OK)!

What this did was take your cPanel backup and create a DA backup file with the cPanel information.

Now, rename the DA created backup to user.USERNAME.USERNAME.tar.gz

Restore this newly named backup using the same process.

SolusVM Master on CentOS 7

Posted by: Chris  :  Category: Linux Tips

When moving a master from one server to another I came across a few issues with the new (v4) installer for SolusVM and CentOS 7. The server was loaded with the minimal install of CentOS, and there is no specific information on SolusVM’s site for dependencies. The first time I ran the install script, it never stated that there was a problem, but the back end web server was not accepting connections. Long story short, before you run the SolusVM installer for CentOS 7, run the following command to ensure that the software needed is in place:

yum -y install rrdtool-php.x86_64 nmap.x86_64 vim-enhanced mlocate rsyslog.x86_64 php

For reference, here is the command from the SolusVM website for the CentOS 7 install script:


How to mass clean base64_decode infected php files (Including WordPress)

Posted by: Chris  :  Category: Linux Tips

Hello once again,

I had recently been asked to take a look at a server that was being reported as having a virus passed to unsuspecting visitors. I did the usual scan (using clamscan) and came up with a couple of files that had PHP shells. I removed those files, and started digging deeper. What I found was that two of the accounts on the server had all of their .php files infected with a base64_decode right on the first line. What this does is it encrypts code so that a user cannot see it. The web server knows how to decrypt it, so when the page is served to a user, they get a little more than they bargained for! The following information will only replace the first line of these infected files.

Read more…

Logwatch installation – cPanel with CentOS 6 (64bit)

Posted by: Chris  :  Category: Linux Tips

By default, Logwatch is not installed on a CentOS 6 (x64) server (not sure about 32bit versions..?). This is something that I have missed from using the previous versions of CentOS. As a server admin, I like to be able to review this file to see if anything funny or strange has happened over the past day. When trying to install this from yum, I was getting an error:

Error: Package: logwatch-7.3.6-49.el6.noarch
Requires: perl(Date::Manip)

Installing perl(Date::Manip) through the cPanel perl modules interface did not cure the issue. The perl version required by Logwatch is newer than the default cPanel version.

Here is how I corrected the issue and was able to get Logwatch working properly….
Read more…

Available for Server Administration

Posted by: Chris  :  Category: Uncategorized

I just thought that I would let everyone that may be interested, that I am available for one time, or continuous server administration. Prices do vary, and if you would like more information, please feel free to reply to this post or email me directly at:

Contact Information


How to Secure your Server – Basic

Posted by: Chris  :  Category: Ramblings

Here are some quick tips on how to secure your Linux server. This is only a short list, but, they are must do’s! Some of which are:

1. Change ssh port (use keys if possible as well/allow only specific users)
2. Disable unneeded services
3. Install a good firewall
4. Disable dangerous / unused PHP functions / harden your PHP
5. Install mod_security
6. Virus scan FTP uploads
7. Install root kit detection
8. Set root email to off server email account
9. Make sure your passwords are tough to guess. This is a big one, especially for the root user, this should be a very tough password.

This is a quick list, as there are many other things that can be done. Some things on this list are already on this blog, so please be sure to read the related posts.

Scanning for unwanted files/code

Posted by: Chris  :  Category: Linux Tips

Here is a little code that I use to scan servers that I admin on for unwanted files. These include php shell’s and encoded files. You can add your own expressions as well. The expressions that I have listed are what I have found to most likely be in infected files.
Read more…

FastCGI & Custom php.ini file per user

Posted by: Chris  :  Category: Linux Tips

I was recently asked to look at allowing custom php.ini files on a system where they were using FastCGI (fcgid) with SuExec to load php pages. This was a cPanel server using PHP5x, and after some research, I was able able to come up with a solution.
Read more…

Downgrading eAccelerator – cPanel

Posted by: Chris  :  Category: Linux Tips

The latest cPanel release comes with the option to have php version 5.3.1, and also uses the latest release candidate for eAccelerator, 0.9.6-rc1. These options are available to you through the EasyApache interface. There seems however, to be some bugs which cause unexpected high loads on busy servers, which some believe, are caused by a fault in the eAccelerator release candidate. Here are the steps you need to take in order to downgrade to eAccelerator Release- Read more…

How to install mod_limitipconn on cPanel

Posted by: Chris  :  Category: Linux Tips

We are going to install mod_limitipconn in order to limit the number of connections per IP on our server.  This can be a very useful tool, as it could help in lowering the load on your server due to someone connecting too many times from the same IP.

Read more…