Softlayer & Blocking Mail Transport!

I remember that when I first entered the hosting business in 2004, LayeredTech was an unbeatable datacenter in the market. They were mostly competing with ThePlanet at that time, and both were market leaders for users who rented datacenter premises on a monthly basis. When Softlayer started rolling out automated systems such as OS reinstall, IP addition and port control, using a shared VLAN and BIOS-level control of almost all servers through KVM (IPMI from Supermicro was fresh in the market, and SL started giving away a Java app, ‘IPMIView’, that had access to both the console and a fast tty; before that it used to be DRAC from Dell, which was eventually developed by Supermicro, and I believe they still do), everything started falling apart for LT. LT gradually started focusing on ‘Enterprise Only’ institutions. I eventually stopped following LT in the years since 2008.

Once Softlayer started growing, which they eventually did extremely fast, they merged with multiple companies (ThePlanet was the most notable and most talked about) and became the largest consumer-based datacenter in the world, beating OVH. Since then, I have only seen Softlayer grow, even with the very high price range they have in the market.

Since they were acquired by IBM, there have been complaints that Softlayer is focusing more on Enterprise customers. They have introduced several restrictions over the years. The most recent is blocking Mail Transport and countries sanctioned by the US across the whole Softlayer network (remember that Softlayer is used by many as an IP transit provider, which possibly means you will lose customers or visitors from a non-sanctioned country if their ISP, which may not be Softlayer itself, uses Softlayer IP transit).

Mellowhost started all the way back in 2004 (it had a different branding before; ‘Mellowhost’ came into operation in January 2007) with 3 vessels from LayeredTech. Over the years (2005-06), we moved to Softlayer as our primary datacenter premise. We expanded in Softlayer for 8 straight years before we realised that Softlayer doesn’t have enough hardware options (I will possibly post in detail what they are) to bring your web hosting technology up to date, which helps improve the performance of your web server even for old clients.

We then started focusing on many other providers and spreading our options geographically over the last 2 years. We have chosen providers that let us configure the server according to our choice. It is not necessarily colocation, but if we want, we can purchase the hardware we want to use for our servers (like a Crucial MX200 instead of a Samsung Evo, LSI with FastPath, LSI with CacheCade, or a premium 8-bay hot-swappable chassis that the provider does not usually offer). We now use a complete cloud-like system where we can move our IPs from hardware to hardware whenever we want by only restarting the virtual network device. Our system allows us to use DRBD, which can be used for network mirroring at any point in time if a client is expecting high traffic for a very specific period and wants to pay only for that.

Even though we are almost done shifting from Softlayer, we haven’t completely left the Softlayer premises yet. We still have two servers with them: one in Houston (the premise previously owned by ThePlanet, used for Houston-based shared hosting for Mellowhost) and the other in Dallas (where mellowhost.com runs). The Dallas server wasn’t a concern, as we have been using Mandrill for some time now to relay our mails from mellowhost.com, so if Softlayer blocks Mail Transport for this server, it won’t be a problem at all. The problem was with the Houston server. Switching this server to another provider was indeed on my mind, but to be honest, I have been a great fan of Softlayer over time, and having literally been with them since the start of this company, I wasn’t at all interested in completely leaving them for my customers’ purposes.

Then again, it was impossible to invest in a hosted smarthost like Mandrill or SendGrid for this server, as it sends a large average number of emails per day. This server has been on board for the last 6 straight years, hosting a decent number of long-term clients, so you should be able to guess the volume of email sent every day. This is why we deployed an MTA as a smarthost in our Psychz Dallas facility and started relaying our mails from the Houston server over TLS on port 587. This worked greatly, to be honest, better than expected. We have employed various types of spam protection on this server, most notably ASSP with MailScanner, as it has a completely separate CPU to process everything. We were able to reduce spam by a great amount over the last couple of weeks through the use of remote Mail Transport. We will have to calculate how feasible it is to employ this on all the other servers that we have. The most important problem with this setup is SPF: the user’s SPF should list both the relay server and the MTA in the TXT line. We made the addition using ‘sed’ for all the current users on the Softlayer server and notified the clients, but we later realised there are people who use ‘Cloudflare’, and we had to find them to do the update manually. The process has a lot of pros and cons, but a survey will possibly let us know how we can use this as an option for our other cPanel premises. While that is for the future, this system is essential right now for our Houston server, as local mail transport has not been working since 2nd February, 2016: Softlayer blocked Mail Transport out!

If you are a Softlayer client going through the same pain of blocked mail transport, then you are in the same boat as we are, and you probably want to use a relay like we did, through a more cost-effective channel than Mandrill or SendGrid.
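
The SPF update described above could look like the following. This is an added example, not the sed command the author ran; the zone lines and the relay address 203.0.113.25 are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: add a relay's ip4 mechanism to the SPF TXT records of a zone file.
# All addresses and zone lines below are constructed (RFC 5737 documentation ranges).

# Insert "+ip4:<relay>" before the terminating "all" of every SPF record that
# does not already list the relay. Safe to run repeatedly.
add_spf_relay() {
    zone_file=$1
    relay_ip=$2
    relay_re=$(printf '%s' "$relay_ip" | sed 's/\./\\./g')   # match dots literally
    sed -E "/\"v=spf1 /{
        /ip4:${relay_re}[ \"]/!s/ ([-~?+]?all)([ \"])/ +ip4:${relay_ip} \\1\\2/
    }" "$zone_file" > "$zone_file.new" && mv "$zone_file.new" "$zone_file"
}

# Print how many SPF records in the file still lack the relay.
spf_missing_relay() {
    relay_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep '"v=spf1 ' "$1" | grep -cvE "ip4:${relay_re}[ \"]" || true
}

# Constructed sample zone: one record without the relay, one that already has it.
make_sample_zone() {
    cat > "$1" <<'EOF'
example.com.      14400 IN TXT "v=spf1 +a +mx +ip4:198.51.100.10 ~all"
example.com.      14400 IN A   198.51.100.10
shop.example.com. 14400 IN TXT "v=spf1 +a +ip4:198.51.100.10 +ip4:203.0.113.25 -all"
EOF
}

zone=$(mktemp)
make_sample_zone "$zone"
echo "before: $(spf_missing_relay "$zone" 203.0.113.25) SPF record(s) missing the relay"
add_spf_relay "$zone" 203.0.113.25
echo "after:  $(spf_missing_relay "$zone" 203.0.113.25) SPF record(s) missing the relay"
cat "$zone"
rm -f "$zone"
```

Zones whose DNS is hosted elsewhere, such as the Cloudflare users mentioned above, are not affected by edits to local zone files and still need the record changed at their DNS provider.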

How to change WHM reseller password!

After all these years, it had never occurred to me that when somebody purchases a reseller account, they usually do not change their WHM password for a long period. They keep it as generated by WHMCS when the reseller package was purchased. The most interesting fact is that they don’t change it because they fail to find an option to change it in WHM.

Unfortunately, WHM doesn’t come with a distinct option saying ‘Change WHM Password’. That makes a percentage of resellers believe that they cannot change their WHM password. Recently, while investigating a couple of reseller hacks, I could determine that one of the primary reasons for password leakage is not changing the WHM password for a long period of time and keeping it ‘saved’ in the browser. At a certain point, when the browser gets exposed to the hacker, the user loses control over their WHM account.

Now the question is how to change a WHM password. Your WHM username is basically a cPanel username; the only difference is that it is granted the ability to own multiple cPanel accounts. To change the WHM password, simply log in to cPanel with the WHM details and use the ‘Change Password’ option. So if your WHM URL is http://something.com/whm with username: something and password: anything, you log in with the same details at http://something.com/cpanel instead of whm. Once logged in, just visit Change Password to change your WHM/Reseller password.

It is highly recommended that all users change the password once they receive their reseller welcome email. You should change the reseller password often to prevent leakage from unknown attacks. It is also advised not to save the WHM password in your browser. Please keep in mind that a leaked password gives access to the cPanel accounts under you and poses a great threat to their websites and domain reputation. Their owners have probably done nothing to deserve that.

How to install fusecompress in CentOS 6

What is fusecompress?

FuseCompress provides a mountable Linux filesystem which transparently compresses its content. Files stored in this filesystem are compressed on the fly, and FUSE provides a transparent interface between the compressed files and user applications. FuseCompress supports different compression methods: LZO, gzip, bzip2, and LZMA.

How to install fusecompress in CentOS 6?

Follow these steps to install fusecompress on CentOS 6.

Install the prerequisites:

# yum groupinstall 'Development Tools'
# yum install boost boost-devel boost141-iostreams
# yum install fuse fuse-devel zlib-devel bzip2-devel lzo-devel

Download and install fusecompress using git (GitHub no longer serves the unauthenticated git:// protocol, so clone over HTTPS):

# git clone https://github.com/tex/fusecompress.git
# cd fusecompress
# ./configure --with-z --with-bz2 --with-lzo2 --without-lzma --with-boost-serialization=boost_serialization --with-boost-iostreams=boost_iostreams --with-boost-program-options=boost_program_options --with-boost-file --with-boost-filesystem=boost_filesystem
# make
# make install

How to Download a Backup of Gmail?

What is Gmail?

Gmail is a free (gratis), advertising-supported email service provided by Google. Users may access Gmail as secure webmail, as well as via POP3 or IMAP4 protocols.

How to Download/Take Backup of Full Gmail Account?

Google has started a service called “Takeout”. It allows you to back up any Google products you are using, and lets you take an MBOX copy of your Gmail archive. You need to generate it from “https://www.google.com/settings/takeout/”.

Once the generation is done, you can download the backup and load it in any MBOX environment.

How to install node.js in a shared cpanel hosting account

What is node.js?

Node.js is an event-driven, asynchronous I/O, server-side JavaScript environment based on the V8 engine.

Pre-Requirements

You don’t need full root access to install node.js in a cPanel hosting account. However, you do need your hosting provider to give you the following:

1. Compiler Access
2. SSH Access
3. An open port
4. Automatic Process Killing Exclusion

You first need to contact your provider to ensure you have access to ‘1’ and ‘2’. For 3 and 4, mention the port you want to use for your node.js app. The provider will exclude the port and your cPanel username in the firewall.

Installation: Step 1

First, find out whether Python 2.6 or above and bzip2-devel are installed on the server. You can do so using the following commands:

# which python
/usr/bin/python
# python -V
Python 2.6.6
# rpm -qa|grep bzip2-devel
bzip2-devel-1.0.5-7.el6_0.x86_64

Most recent cPanel servers will have Python 2.6.6 or 2.6.7, so as long as your provider isn’t running some old version of cPanel, you have Python 2.6 and don’t need to recompile Python. Python on a cPanel server is executable by users. You might not see bzip2-devel installed. If it is not, your provider will need to install it using yum.

# yum install bzip2-devel

Step 2

Once the ‘Step 1’ requirements are available, you can download the latest node.js source and compile it. At the time of writing this tutorial, node.js is at version 0.10.24. You can download the latest node.js source from here:

http://nodejs.org/download/

# wget http://nodejs.org/dist/v0.10.24/node-v0.10.24.tar.gz
# tar -xvzf node-v*
# cd node*
# ./configure --prefix=$HOME
# make
# make install

Of all the commands above, the one to note is the ‘prefix’. It should be $HOME if you are running from the user’s shell. A root user can use the path to the cPanel user’s home directory, like /home/cpanelusername, in place of $HOME to install node.js in a cPanel user’s account.

Step 3

If you installed node.js from the root account, change the ownership of /home/cpanelusername/bin, /home/cpanelusername/include and /home/cpanelusername/lib to cpanelusername.

# cd /home/cpanelusername
# chown -Rf cpanelusername:cpanelusername node* bin include lib

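Now you can run a node.js app. A simple script to open a port can be the following:

# nano sock.js

Insert the following:

// Minimal TCP echo server. Replace the port and IP with the ones your provider opened for you.
// Note: on Linux a non-root user cannot bind to ports below 1024.
var net = require('net');
var server = net.createServer(function (socket) {
    socket.write('Open Server\r\n');
    socket.pipe(socket); // echo everything the client sends back to it
});
server.listen(674, '203.20.20.20');
console.log('Server running at http://203.20.20.20:674/');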

Now you can run the script as follows:

# node sock.js

A new WordPress Firewall Plugin

I had written a blog post about “How to protect your wordpress blog from web injection” before, in which I mentioned a firewall plugin called “WordPress Firewall” that was very helpful at the time I wrote it. But it seems neither WordPress Firewall 1 nor 2 has been updated for a pretty long time. It is now better to switch to something else. From my research of the current plugin market, I find the following WordPress firewall plugin very useful: “All in one WordPress Security & Firewall”.

So, take some time to do maintenance on your WordPress blog and install the latest option to secure your blog.

‘ca-certificates’ update error

Since the last “ca-certificates” release for RHEL/CentOS 6 or Fedora 14, with a version stating 2013, there has been a recurring error of not being able to update “ca-certificates” from the 2010 version to the latest 2013 one. Through yum, the error looks like the following:

Running Transaction
Updating : ca-certificates-2013.1.94-65.0.el6.noarch 1/2
Error unpacking rpm package ca-certificates-2013.1.94-65.0.el6.noarch
warning: /etc/pki/java/cacerts created as /etc/pki/java/cacerts.rpmnew
warning: /etc/pki/tls/certs/ca-bundle.crt created as /etc/pki/tls/certs/ca-bundle.crt.rpmnew
warning: /etc/pki/tls/certs/ca-bundle.trust.crt created as /etc/pki/tls/certs/ca-bundle.trust.crt.rpmnew
error: unpacking of archive failed on file /etc/ssl/certs: cpio: rename
Verifying : ca-certificates-2013.1.94-65.0.el6.noarch 1/2
ca-certificates-2010.63-3.el6_1.5.noarch was supposed to be removed but is not!
Verifying : ca-certificates-2010.63-3.el6_1.5.noarch 2/2

Failed:
ca-certificates.noarch 0:2010.63-3.el6_1.5 ca-certificates.noarch 0:2013.1.94-65.0.el6

The following part of the error is the one to note:

error: unpacking of archive failed on file /etc/ssl/certs: cpio: rename

It looks like the new “ca-certificates” package uses a new structure. In old versions, “certs” is a folder which contains the old certificates. The new version tries to replace the old directory with a symlink to /etc/pki/tls/certs/, and that step fails under yum.

To solve the error, run the following:

$ mv /etc/ssl/certs /etc/ssl/certs.back
$ ln -s /etc/pki/tls/certs /etc/ssl/certs
$ yum update ca-certificate*

This should solve the error.
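
A guarded version of the workaround above, as an added example rather than part of the original post: it refuses to run if /etc/pki/tls/certs is missing, keeps any earlier backup, and lists files that existed only in the old directory. The root-prefix argument and the function names are hypothetical, and the scratch tree is constructed.

```shell
#!/bin/sh
# Added example: guarded form of the mv/ln workaround for /etc/ssl/certs.
# The ROOT argument is a hypothetical prefix for rehearsing in a scratch tree;
# leave it empty to act on the real paths from the post.

resolve() { (cd "$1" 2>/dev/null && pwd -P); }

fix_ssl_certs_link() {
    root=${1:-}
    old="$root/etc/ssl/certs"
    new="$root/etc/pki/tls/certs"
    [ -d "$new" ] || { echo "missing $new, nothing to link to" >&2; return 2; }
    if [ -L "$old" ]; then
        # Already a symlink: accept it only if it resolves to the pki directory.
        [ "$(resolve "$old")" = "$(resolve "$new")" ] && return 0
        echo "$old points somewhere unexpected: $(readlink "$old")" >&2
        return 3
    fi
    if [ -d "$old" ]; then
        backup="$old.back"
        [ -e "$backup" ] && backup="$old.back.$$"   # never overwrite an earlier backup
        mv "$old" "$backup" || return 1
        # Files that existed only in the old directory are no longer visible to
        # software reading /etc/ssl/certs; list them for manual review.
        for f in "$backup"/*; do
            [ -e "$f" ] || continue
            [ -e "$new/$(basename "$f")" ] || echo "review: $f"
        done
    fi
    ln -s "$new" "$old"
}

# Rehearsal in a constructed scratch tree.
scratch=$(mktemp -d)
mkdir -p "$scratch/etc/ssl/certs" "$scratch/etc/pki/tls/certs"
: > "$scratch/etc/ssl/certs/local-ca.pem"   # constructed stand-in for a locally added CA file
fix_ssl_certs_link "$scratch" && ls -l "$scratch/etc/ssl"
rm -rf "$scratch"
```

Any file reported with "review:" was present only in the old directory, so decide deliberately whether it should be re-added before running the yum update.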

How to Solve Force File System Quota Check on Every Boot RHEL/CentOS

I had been seeing a rising issue of forced file system quota checks on every boot after migrating to RHEL 6 or CentOS 6. I hadn’t seen the same issue before. I had been tackling it by changing the quotacheck file on each boot to something different. The quotacheck file is located at:

$ ls /sbin/quotacheck

I couldn’t find enough information on what had changed in RHEL 6 to trigger this event, so I went on to trace the root cause, starting from the Linux boot init script.


What is the difference between Mangle Table & NAT Table?

You must know iptables to understand routing properly. Once the concept and perspective of iptables is clear to somebody, it becomes very easy to understand Linux routing and write iptables rules to create and configure your own desired network. I will write a series of posts trying to explain and clear up the confusion over the basic perspective of iptables.
