For Plesk Linux:

Login to your server by SSH, with root privilege and run:

# cat /etc/psa/.psa.shadow

You will see the current password in Plan Text form.

For Plesk Windows:

Login to your server from Remote Desktop Connection, with administrator rights and run:

“C:\Program Files\Parallels\Plesk\admin\bin\plesksrvclient.exe” –get

And you will see a Windows Box with your admin password.

Note: If your Plesk installation is older the file will be located in C:\Program Files\SWsoft\Plesk\admin\bin

Note: If you are running Windows x64 (Dedicated or virtual) the path will be: C:\Program Filex (x86)\Parallels\Plesk\admin\bin (Parallels folder may be SWsoft on older plesk installs)

Configuration for PLesk

verbose=true

Key.Directory=/var/www/key

OS.Type=UNIX

traceLog=/var/log/tomcat5/icici.log

;; -*- mode: Scheme; tab-width:4 -*-

;; A simple php.ini

;; extension_dir is this “cgi” directory

extension_dir=.

;; include php libraries from these directories

include_path=.:/usr/share/pear

java.classpath = /usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/cryptix32.jar;/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/jcert.jar;/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/jnet.jar;/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/jsse.jar;/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/servlet.jar;/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/sfa.jar;

include_path=.:/usr/share/pear

CLASSPATH=$CLASSPATH:/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/cryptix32.jar;

CLASSPATH=$CLASSPATH:/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/jnet.jar;

CLASSPATH=$CLASSPATH:/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/servlet.jar;

CLASSPATH=$CLASSPATH:/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/sfa.jar;

CLASSPATH=$CLASSPATH:/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/jcert.jar;

CLASSPATH=$CLASSPATH:/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/jsse.jar;

export include_path

export CLASSPATH

# keytool -import -alias pgIntermediateCA -file ./intermediate.cer -keystore /usr/java/jdk1.6.0_12/jre/lib/security/cacerts -storepass changeit

This might give an error like keytool error: gnu.javax.crypto.keyring.MalformedKeyringException: incorrect magic which can be ignored.

$oMerchant->setMerchantDetails(“0000XXXX”,”0000XXXX”,”0000XXXX”,”193.545.34.33″,rand().”",”Ord123″,”http://10.10.10.147:8756/SFAResponse.php”,”POST”,”INR”,”INV123″,”req.Preauthorization”,”100″,”",”Ext1″,”true”,”Ext3″,”Ext4″,”Ext5″);

Also in SFAResponse.php and “./Sfa/PostLibPHP.php” file on line 2 would also change from

‘ require_once(“java/Java.php”);’ to ‘ require_once(“java/Java.inc”);’

http://www.configserver.com

I have listed the installation steps for CSF / LFD.Login to your server with ‘root’ user and issue below commands :

Change directory to either /root or /usr/local/src , which ever you normally use for such installations

# cd /usr/local/src

[Remove any old source that might be present]

Download and untar the source for installation

# wget http://www.configserver.com/free/csf.tgz
# tar -xzf csf.tgz

Run installation script

# cd csf
# sh install.sh

Once the installation complete, you can run the below scripts provided by vendor to check if your server/vps has required iptables modules available :

# perl /etc/csf/csftest.pl

CSF provides the script to remove the other popular combination I talked about above i.e. apf/bfd, The below script will remove apf/bfd from your server/vps.

# sh /etc/csf/remove_apf_bfd.sh

Common setting for incoming/outgoing TCP/IP and UDP connection.

ETH_DEVICE = “eth1″

ETH_DEVICE_SKIP = “eth0″

# Allow incoming TCP ports
TCP_IN = “20,21,25,53,80,106,110,111,143,443,465,587,865,873,993,995,8443,8880″

# Allow outgoing TCP ports
TCP_OUT = “20,21,22,25,80,110,443,43,873,8443″

# Allow incoming UDP ports
UDP_IN = “53,111,123,230,631,859,862,2109,5353″

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = “20,21,53,113,123,2109″

# Allow incoming PING
ICMP_IN = “1″

# Set the per IP address incoming ICMP packet rate
# To disable rate limiting set to “0″
ICMP_IN_RATE = “0″

# Allow outgoing PING
ICMP_OUT = “1″

# Set the per IP address outgoing ICMP packet rate
# To disable rate limiting set to “0″
ICMP_OUT_RATE = “0″

# Enable login failure detection daemon (lfd).
LF_DAEMON = “1″

For allowing Qmail in CSF alter below setting(s)

SMTP_BLOCK = “1″
SMTP_ALLOWLOCAL = “1″
SMTP_PORTS = “25,587″
SMTP_ALLOWUSER = “qmaild,qmaill,qmailp,qmailq,qmailr,qmails”
SMTP_ALLOWGROUP = “qmail,nofiles,mail,mailman”

Set CSF/LFD reporting FROM/TO ID as below [**** Need to set for Plesk]

LF_ALERT_TO = “supportteam@diadem.co.in”
LF_ALERT_FROM = “csf_LFD@diadem.co.in”

Allowing third party block list checking

# Enable IP range blocking using the DShield Block List at
LF_DSHIELD = “86400″

# Enable IP range blocking using the Spamhaus DROP List at
LF_SPAMHAUS = “86400″

# Enable IP range blocking using the BOGON List at
LF_BOGON = “86400″

Now Add the LFD ignore list for qmail/plesk mail user/process in csf.pignore file.

# vim /etc/csf/csf.pignore

#### Custom for Plesk ####
user:admin
exe:/var/qmail/bin/qmail-smtpd
exe:/usr/bin/imapd
exe:/var/qmail/bin/qmail-queue
exe:/usr/bin/pop3d
exe:/var/qmail/bin/qmail-send
cmd:qmail-send
cmd:/usr/bin/pop3d Maildir
cmd:/var/qmail/bin/qmail-queue
cmd:/var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
cmd:/usr/bin/imapd Maildir
exe:/var/qmail/bin/qmail-rspawn
cmd:qmail-rspawn
exe:/var/qmail/bin/qmail-clean
cmd:qmail-clean
exe:/usr/sbin/clamd
cmd:clamd
exe:/var/qmail/bin/splogger
cmd:splogger qmail
exe:/var/qmail/bin/qmail-remote.moved
user:qmaill
user:popuser
user:qmaild
user:qmails
user:qmailr
user:qmailq
user:qscand
exe:/usr/sbin/avahi-daemon
user:avahi
exe:/usr/local/sbin/zabbix_agentd
cmd:/usr/local/sbin/zabbix_agentd
user:zabbix
exe:/usr/bin/sw-engine-cgi
cmd:/usr/bin/sw-engine-cgi
user:sso
exe:/usr/sbin/sw-cp-serverd
cmd:/usr/sbin/sw-cp-serverd -f /etc/sw-cp-server/config
user:sw-cp-server
exe:/usr/bin/sw-engine-cgi
cmd:/usr/bin/sw-engine-cgi -c /usr/local/psa/admin/conf/php.ini -d auto_prepend_file=auth.php3 -u psaadm
user:psaadm
exe:/usr/libexec/mysqld
cmd:/usr/libexec/mysqld –basedir=/usr –datadir=/var/lib/mysql –user=mysql –pid-file=/var/run/mysqld/mysqld.pid –skip-external-locking –socket=/var/lib/mysql/mysql.sock
user:mysql
exe:/usr/libexec/hald-addon-acpi
exe:/usr/sbin/hald
cmd:hald
user:haldaemon
exe:/usr/bin/postgres
user:postgres
exe:/sbin/portmap
cmd:portmap
user:rpc
exe:/usr/bin/xfs
cmd:xfs -droppriv -daemon
user:xfs
exe:/usr/bin/python
cmd:/usr/bin/python /usr/lib/mailman/bin/qrunner –runner=VirginRunner:0:1 -s
user:mailman
exe:/usr/java/jdk1.6.0_20/bin/java
user:tomcat

Note: You may need to add few more process/user as per your requirement.

Now start the CSF

# csf -s

Restart LFD

# service lfd restart

Installation is done, now check the website, mail  and other services(s) and disable TESTING mode and restart CSF/LFD

# csf -r
# service lfd restart

I will list below some of very common commands you will need to use/manage csf firewall :

Enabling the firewall

# csf –enable OR
# csf -e

Disabling the firewall

# csf –disable
# csf -x

Starting firewall / applying rules

# csf –start
# csf -s

Stopping firewall / flushing rules

# csf –stop
# csf -f

Adding an IP in firewall

# csf -d 2.3.4.5 “Reason for blocking the IP”
# csf –deny 2.3.4.5 “Reason for blocking the IP”
where 2.3.4.5 is the IP you want to block.

Removing IP from deny list

# csf -dr 2.3.4.5

Another feature which has been added in the Linux version of Plesk is the option to create additional FTP users, which will benefit organisations which require additional ftp users with restricted access to their folders and a primary admin user to manage the individual ftp users from a single console.

New client dashboard with an enhanced menu system. The new menu is more user friendly and faster access with respect to earlier Plesk versions.

The above screenshot is for the user (role) creation for grant/deny of particular service(s).

The most awaited new feature “Additional FTP Account”, which can be control with a Main FTP user.

An improved application vault for installing your favourite open source applications like WordPress, Joomla and much more.

Some of the key features of Plesk 10 is highlighted below:

Separate administrator user interface – Parallels Plesk Panel now comes with a separate administrator interface, optimized for server and business management.

Control panel improvements – Performance improvements for control panels make pages load much faster.

Upgradable Apache configurations – Your customized Apache configurations will now remain in force when you upgrade.

Role-based access – Customer administrators can specify application access based on user roles, enabling them to easily limit access to only those users who need it.

Improved security and performance – FastCGI lets you isolate sites in a shared hosting environment with greater account density than suPHP.

Improved password security – Assignment of random default passwords and a password strength indicator protect your servers from hackers and lower support costs attributable to broken passwords.

More flexibility in hosting plans – New and more flexible hosting concepts support a superior growth path to the future. Key features include multi-domain hosting; ability to assign multiple add-on plans to a subscription; and ability to automatically update subscription settings when plans change.

Intuitive and modern SiteBuilder (free with Parallels Plesk Panel Unlimited licenses) – The brand-new SiteBuilder, rebuilt from the ground up, enables instant Web site creation. It includes point-and-click and drag-and-drop capabilities, complete with content appropriate for different small business types and personal interests.

Like most web hosters, we are hopeful that the new version would allow our clients to get more out of their hosting plans and we intend to upgrade our clients to the new version in a phased manner over the next few months. Feel free to share your views on the new Plesk 10 panel.

Links for more information on Plesk 10:

http://www.parallels.com/products/plesk
http://www.parallels.com/products/plesk/new
ftp://download1.sw-soft.com/Plesk/PP10/Doc/

Why would you need catch all subdomains

Maybe you have a few subdomains but sometimes your visitors are accessing non-existing subdomains. So the most appropriate solution would be to either redirect them to your main website or at least show them a list of available pages.

Step-by-step configuration in Plesk

1. Create a subdomain ‘z-WILDCARD’ in Plesk – under the admin section of the right domain.
   Why do we need this name?  Because this entry should be the last entry in the list of subdomains, otherwise this “trick” will not work.
2. Add special configuration (catchall for all subdomains) to the vhosts.conf file of this subdomain.
   Normally it’s located in /srv/www/vhosts/domain.com/subdomains/z-WILDCARD/conf/vhosts.conf. You have to create it – normally you need the root user to do this. Copy the following content into the file:
   ServerAlias *.domain.com
3. Apply the new configuration – recreate the Apache configuration. You have to run the tool websrvmng which is a Plesk tool that manages and creates the webserver configuration. Execute the following as root user.
   /usr/local/psa/admin/sbin/websrvmng -u --vhost-name=domain.com
4. Finally – restart Apache to load the new configuration, also as root.
   service httpd restart

That’s it! Now your users can access non-existing subdomains as e.g. doesnotexists.domain.com and you should see the Plesk page displayed for new pages.

Use instructions below to configure an additional alternate SMTP port in a Plesk Server running in Redhat Enterprise Linux Version 4/5 or CentOS version 5 in Qmail Server.

Choose any unused port and add it to the /etc/services file, for example:

smtp_alt        8425/tcp        mail            # Alternate SMTP Port
smtp_alt        8425/udp        mail            # Alternate SMTP Port (optional)

Make a copy of /etc/xinetd.d/smtp_psa to /etc/xinetd.d/smtp_psa_alt and correct service line within new file:

service smtp_alt

Below is a sample of smtp_psa_alt file.

service smtp_alt
{
socket_type     = stream
protocol        = tcp
wait            = no
disable         = no
user            = root
instances       = UNLIMITED
server          = /var/qmail/bin/tcp-env
server_args     = -Rt0 /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var
/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

Restart xinetd and Qmail

service xinetd restart
service qmail restart

SMTP connections will be accepted on the both standard and 8025 ports. You may also need to reconfigure Horde IMP (webmail) settings so it uses the alternative SMTP port too. This can be done editing the following file in Horde webmail:

/etc/psa-horde/imp/servers.php file under smtpport parameter for both IMAP and POP3 servers.

You can manually remove the lock from psa database.

Do the following from the shell console
# mysql -u admin -p`cat /etc/psa/.psa.shadow`
mysql> use psa;
mysql> delete from lockout where login = 'admin';

This short but helpful tip would allow you to login to the admin panel immediately without having to wait for 30 or more mins.
Note: There is a rating embedded within this post, please visit this post to rate it.

Assuming you already have an existing domain (example.com) with the primary FTP user (jack) with password (schmidt) with home directory (/var/www/vhosts/example.com), and you wish to create additional ftp users (jill and bob) with the same access privileges as jack:

Procedure:

Login to server via SSH as root.

Issue the shell command:

#cat /etc/passwd |grep ‘jack’

This will show you a line similar to the following:

jack:x:10041:10001::/var/www/vhosts/example.com:/bin/false

The first number (after the 2nd colon : ) is 10041, so this is the UID of user jack. You will need this in the ‘useradd’ lines since useradd wants a number for the UID.

The second number (after the 3rd colon : ) is 10001, this is the GID (psacln), we won’t need that right now.

Then run the following shell commands to create the users and passwords:

#useradd -u 10041 -o -d /var/www/vhosts/example.com -g psacln -s /bin/false jill
#useradd -u 10041 -o -d /var/www/vhosts/example.com -g psacln -s /bin/false bob
#passwd jill (enter the new password and confirm it, does not have to be the same as jack’s)
#passwd bob (enter the new password and confirm it, does not have to be the same as jack’s)

You should now be able to use an FTP client to login with that user’s name and password.

User jill and bob should be able to see the example.com docroot just as user jack can. You should NOT be able to browse above the example.com docroot directory. All 3 users should have the same access to the files since they belong to the same group, so no matter which of the users created or edited the file(s), all should be able to access/edit/whatever the same files.

(NOTES: Since these are users defined at the OS level, when connecting with an FTP client, they would login with username ‘jill’, ‘bob’, or ‘jack’. They would NOT use ‘jill@example.com’. This also means that USERNAMES MUST BE UNIQUE.)

Subdomain FTP users:

If you wanted to change their default directory and limit them to a Plesk created subdomain docroot, in the useradd line above, you would change “/var/www/vhosts/example.com” to “/var/www/vhosts/example.com/subdomains/subname”. So if you wanted to create the same users, but for a subdomain called ‘admin’:

Then do the following shell commands to create the users and passwords:

#useradd -u 10041 -o -d /var/www/vhosts/example.com/subdomains/admin -g psacln -s /bin/false jill
#useradd -u 10041 -o -d /var/www/vhosts/example.com/subdomains/admin -g psacln -s /bin/false bob
#passwd jill (enter the new password and confirm it, does not have to be the same as jack’s)
#passwd bob (enter the new password and confirm it, does not have to be the same as jack’s)

Deleting an FTP user:

#userdel jill

(Note: this will not delete any files unless you use the -r option which you probably don’t want to do if they are sharing files!)
Note: There is a rating embedded within this post, please visit this post to rate it.