Cpanel Backups

Jan25
by Ike on January 25, 2012 at 2:10 am
Posted In: Backups, How to, Videos

Backups are very important to a website. If something should happen to the server, whether it be a hardware failure or breech of security, it is always good to have a copy or 2 to revert to.

Backups can be setup 2 ways. The host can make backups, download backups and restore backups from within WHM and the end user can do it right from their cPanel account.

Configure automatic backups in WHM:

  1. Type “Backup” in the find box
  2. Just below that, click “Configure Backup”

 

This will bring you to a screen with a lot of options. It is important to pay attention to each option so that you get what you need in your backups. You can backup the whole account, just the database or just the users home directory.

There are many options available to choose from to fit your needs. At the bottom you can use ftp to transfer the backups to an off site server. Also at the bottom you can exclude certain accounts that you don’t need backed up. You can also set up the backups to be compressed or not compressed. compressed backups save space but non compressed backups don’t take as long to complete leaving more resources for the sites.

Backups In cPanel:

  1. Type “Backup” in the find box
  2. Click on “Backup Wizard”
  3. You will see backup and restore buttons click “backup”
  4. Now choose a Full backup or one of the partial backup options
  5. Choose the home directory for the file location
  6. Add your e-mail address to receive confirmation upon completion
  7. Click “Generate Backup”

 

Now all you have to do is click “Go back” and you will see where the backup link is at the top. By clicking this link it will download the backup to your home/office computer.

Restoring in cPanel is just as easy.

  1. Type “Backup” in the find box
  2. Click on “Backup Wizard”
  3. You will see backup and restore buttons click “restore”
  4. Then choose the type of backup you would like to do, Home directory, Database. or email.
  5. Then browse you home/office computer for backups you have saved
  6. Click “upload”

 

The files that you have requested have now been restored.

Below you will find some videos and links to help explain configuring backups.

└ Tags: , , ,
 Comment 

ModSec – White listing

Jan25
by Ike on January 25, 2012 at 12:25 am
Posted In: How to, ModSecurity, One Liners

Whitelist A Rule in Mod Security

 

# Find Modsec Errors

cat /usr/local/apache/logs/error_logs | grep -i modsec

# Check the domain logs if you don’t see it in the apache logs

cat /usr/local/apache/domlogs/$DOMAIN | grep -i modsec

# Add this at the end of either line to search by IP

| grep ipa.dd.re.ss

# Once you find the id [“ID:300016″] and the URI [URI”/wp-admin/themes/]”

vim /usr/local/apache/conf/modsec2/whitelist.conf

# Add the whitelisting code below to white list by ID

<LocationMatch “$URI”>

SecRuleRemoveById $IDNUMBER, $IDNUMER2

</LocationMatch>

# Whitelist By IP Replace 111 222 333 444 with the IP

SecRule REMOTE_ADDR "^111\.222\.333\.444" phase:1,nolog,allow,ctl:ruleEngine=off

#RESTART APACHE

/etc/init.d/httpd restart

└ Tags: , ,
 Comment 

Install WordPress

Jan25
by Ike on January 25, 2012 at 12:04 am
Posted In: CMS, How to, Linux, Uncategorized

# Download and unzip wordpress

cd /home/$USER/public_html

wget http://wordpress.org/latest.zip

unzip latest.zip

rm latest.zip

# remove superfluous directory

mv wordpress/* ./

rmdir wordpress/

# Make wordpress writeable by the webserver/or USER

mkdir wp-content/uploads wp-content/cache

chown apache:apache wp-content/uploads wp-content/cache

chown -R $USER. ./

└ Tags: , , , ,
 Comment 

[20120104] – Core – XSS Vulnerability

Jan23
by Ike on January 23, 2012 at 9:45 am
Posted In: CMS, Core Security, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 1.7.3 and all earlier versions
  • Exploit type: XSS Vulnerability
  • Reported Date: 2012-January-22
  • Fixed Date: 2012-January-24

Description

Inadequate filtering leads to XSS vulnerability.

Affected Installs

Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions

Solution

Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by David Jardin

Contact

The JSST at the Joomla! Security Center.

└ Tags:
 Comment 

[20120103] – Core – Information Disclosure

Jan23
by Ike on January 23, 2012 at 9:45 am
Posted In: CMS, Core Security, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
  • Exploit type: Information Disclosure
  • Reported Date: 2011-December-19
  • Fixed Date: 2012-January-24

Description

Inadequate filtering leads to information disclosure.

Affected Installs

Joomla! version 1.7.3 and all earlier versions

Solution

Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by Jean-Marie Simonet

Contact

The JSST at the Joomla! Security Center.

└ Tags:
 Comment 

52 queries. 8.75 mb Memory usage. 0.281 seconds.