cPanel Website Transfer – Part 1 – Changing an Add-on Domain to a Primary Domain

Converting an Add-on Domain to a Primary Domain

Skill Level : Beginner

In this post, I will explain how to convert an add-on domain to a primary domain. To take a complex case, let’s consider that the primary domain should be a different one from the one that holds the Add-on domain.

Prerequisites

Server Platform : Linux

User requires : cPanel and SSH access (root)

This is a site transfer. Also, both the sites I’ve mentioned here are on the same server.

Case

The Add-on Domain under a website has to be converted to its Primary Domain. If you have a Full backup, it’s another case. I’ll explain it in another post.

Solution

Let’s consider the Add-on Domain is addon.com under the user admin and the document root of the add-on domain is :

/home/admin/public_html/addon

Now it should be transferred as the Primary Domain

* Using WHM, create a new account primary.com; the document root is then, say, /home/primary
We have to transfer the whole data from /home/admin/public_html/addon.com to /home/primary/public_html first.

* The steps will be :

root@server [/home/admin/public_html/addon]# cp -r ./. /home/primary/public_html/

This will recursively copy everything inside the PWD, hidden files such as .htaccess included, to the specified location.

Worried about email migrations and mail syncing – get getmail to the rescue

Most hosting providers offer free server migration. Free website migration started in the industry as early as 2005. But only a few providers offer email migration for a website transfer involving different control panels. So using getmail is the easiest way to transfer emails. All we need to do is create the email account on the new server and configure getmail to transfer the emails.

Download getmail at http://pyropus.ca/software/getmail/old-versions/getmail-4.20.3.tar.gz


wget http://pyropus.ca/software/getmail/old-versions/getmail-4.20.3.tar.gz
tar xzf getmail-4.20.3.tar.gz
cd getmail*
python setup.py install

Now you have to create a getmailrc, the getmail configuration file, inside the home folder of the user, although getmailrc need not be inside the home directory. You have to create the folder .getmail, where getmail keeps a log of the emails retrieved for each configuration file you may have. You can have multiple destination and retriever sections in one single getmailrc as well.

I must say getmail is very flexible and rightly coded, where mailsync or imapsync didn’t do their job right or up to the mark. It is an excellent replacement for fetchmail. It supports POP, POP3S, IMAP4 and IMAPS, and can also store the retrieved mails in mbox or maildir format at the destination.

An extremely simple getmailrc file will look like this

[retriever]
type = SimpleIMAPRetriever
server = mail.domain.com
username = direct@domain.com
password = direct

[destination]
type = Maildir
path = /home/cpusername/mail/.direct@domain_com/

The file format should be pretty self-explanatory. You’re telling getmail to fetch your email from the server mail.domain.com by logging in to it using the mentioned username and password. The destination section mentions where to store the retrieved email and in which format (Maildir or mbox or mboxrd). Make sure that the cur, new and tmp folders are there inside that folder. However, getmail may create those folders automatically.

Finally, to get this going, just run “getmail --rcfile getmailrc”

Once you run it, assuming that the getmailrc is properly configured, you will see output like the following.

getmail version 4.20.3
Copyright (C) 1998-2009 Charles Cazabon.  Licensed under the GNU GPL version 2.
SimpleIMAPRetriever:direct@domain.com@mail.domain.com:143:
 msg    1/3983 (299328 bytes) delivered
 msg    2/3983 (2815 bytes) delivered
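
The getmailrc above keeps the mailbox password in the file and uses SimpleIMAPRetriever, which the output shows connecting on port 143. The following check is an added example, not part of the original post or of getmail: it audits a getmailrc for those two points. The function names audit_getmailrc and audit_text are hypothetical, and the sample input is the configuration from this post.

```python
import configparser
import os
import stat
import tempfile

# Cleartext retriever types and their TLS counterparts in getmail 4.
TLS_EQUIVALENT = {
    "SimpleIMAPRetriever": "SimpleIMAPSSLRetriever",
    "SimplePOP3Retriever": "SimplePOP3SSLRetriever",
}

# The getmailrc from this post, reproduced as sample input.
SAMPLE_RC = """\
[retriever]
type = SimpleIMAPRetriever
server = mail.domain.com
username = direct@domain.com
password = direct

[destination]
type = Maildir
path = /home/cpusername/mail/.direct@domain_com/
"""


def audit_getmailrc(path):
    """Return a list of findings for one getmailrc file (empty means clean)."""
    findings = []
    # interpolation=None: a '%' inside a password is data, not a template.
    rc = configparser.ConfigParser(interpolation=None)
    rc.read(path)
    rtype = rc.get("retriever", "type", fallback="")
    if rtype in TLS_EQUIVALENT:
        findings.append("%s sends the login and mail unencrypted, use %s"
                        % (rtype, TLS_EQUIVALENT[rtype]))
    # A stored password is only as private as the file's mode bits.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if rc.has_option("retriever", "password") and mode & 0o077:
        findings.append("password in a file with mode %04o, chmod 600 it" % mode)
    return findings

def audit_text(text, mode):
    """Write text to a temporary getmailrc with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "getmailrc")
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)
        return audit_getmailrc(path)
```

Calling audit_getmailrc on each rc file before a migration run shows which accounts would be fetched over cleartext IMAP or POP3 and which files expose a password to other users on the server.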

How to install 32 bit and 64 bit applications on 64 bit Ubuntu OS

Earlier, with Dapper Drake, you only had to install ia32libs. But after that, maybe because they decided not to release it for future versions, there were no more releases. Hackers always find a way around to get their thing done, and that is exactly what happened with this as well. A bash file was written and released to the public, available at http://frozenfox.freehostia.com/cappy/

I recently had to use this frequently and thought about mentioning it. In the last two days, I had two such requirements as well. Here in India, Tata Docomo’s USB installation binary will work only on i386 Linux boxes. I would admit that that itself is an achievement :) But I had to get it working on an x64 architecture as well. And it was complaining about libqt and a few other 32 bit packages. dpkg’s --force-architecture option was also not working because of a dependency issue.

This also helped me install a Task Management Software as well, http://codea-dev.com/gtd/download/linux/

The text below is copied from the Ubuntu Forums. The author’s original post can be found at http://ubuntuforums.org/showthread.php?t=474790

getlibs works on:

  • All Ubuntu and Debian systems
  • Debian or Ubuntu based distributions (best to use the package name)

Tip: To install a 32-bit debian package for a program (not a library!) use

Code:
sudo dpkg -i --force-all package_name.deb

Usage Examples:

getlibs on a program to download all missing libraries:

Code:
getlibs /usr/bin/skype

—–

Use getlibs to install a 32-bit library using the library name:

Code:
getlibs -l libogg.so.0 libSDL-1.2.so.0

—–

Use getlibs to install a 32-bit library using the package name:

Code:
getlibs -p libqt4-core libqt4-gui

—–

Install a 32-bit library file (.deb):

Code:
getlibs -i ~/i386_library_1.deb

—–

Download and install a 32-bit library file (.deb):

Code:
getlibs -w http://mirrors.kernel.org/ubuntu/pool/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-3_i386.deb

Applying wildcards in GRANT option of MySQL

We had this particular requirement of creating a database user to be used to back up only the cPanel databases. Only recently has cPanel introduced database mapping, which allows clients to create databases without the _ . However, on all our client servers, we insist on the old style, with database prefixing on.

Creating a database user to back up only the cPanel databases means matching the databases with an underscore (_) in their names, and that resulted in this particular SQL command, to be executed as the root user.

GRANT ALL PRIVILEGES ON `%\_%`.* TO `cpdbbackups`@`re.mo.te.ip` IDENTIFIED BY 'p@ssw0Rd' WITH GRANT OPTION;

Read more about the cPanel’s DB mapping at http://www.cpanel.net/blog/integration/2010/05/more-details-about-db-mapping.html


DDoS, prevention, cure! – Part 1

DDoS – Distributed Denial Of Service  Wiki : http://en.wikipedia.org/wiki/Denial-of-service_attack

DDoS is an attack on a computer/server or its resources that makes it unavailable to its intended users.

Web hosts must be familiar with this term and will be a victim at least once. The intention of this post is to give a brief description of DDoS, its prevention and its cure if affected. Please note that this will not serve as a perfect guide to the mentioned “Subject-line”, but as a “tip-note”.

Understanding DDoS:

The four programs commonly used by attackers to launch DDoS attacks are

  1. Trinoo
  2. TFN
  3. TFN2K
  4. Stacheldraht

Symptoms of DDoS:

  1. Unusually slow network performance (opening files or accessing web sites)
  2. Unavailability of a particular web site
  3. Inability to access any web site
  4. Dramatic increase in the number of spam emails received—(this type of DoS attack is considered an e-mail bomb)
  5. Packet loss for pings to IP/Domain

How DDoS is done:

Pictorial representation of Stacheldraht DDoS attack.

In a Stacheldraht DDoS attack, the attacker uses a client program to connect to handlers, a set of compromised machines that issue commands to the agents, which in turn carry out the DDoS attack. The agents are another set of machines, compromised by the attacker using the handlers. Each handler can control thousands of agents, and all these widely distributed agents flood the target server, thereby increasing the impact of the attack.

DoS and DDoS are not the same:

If the attacker initiates an attack from a single host, it is classified as a DoS  as it is not ‘distributed’. In fact, any attack against availability would be classed as a Denial of Service attack. On the other hand, if an attacker uses a thousand systems to simultaneously launch smurf attacks against a remote host, this would be classified as a DDoS attack.

Then what is DRDoS? DRDoS is Distributed Reflected Denial of Service. These attacks forge the source address of the IP packets with the victim’s IP and send pings/packets to intermediate hosts. When the intermediate hosts send back their replies to these pings, they are sent to the victim’s IP, thereby flooding the victim.

Some other types/methods of DDoS/DRDoS/DoS attacks are :

Reflective ICMP attack: The reflective ICMP attack uses public sites, like google.com, that respond to ICMP ping requests, so that their replies go to the victim’s IP. The attacker spoofs the victim’s IP and sends requests to the public servers, which then reply to the actual IP.

TCP SYN flood attack : The attacker sends a packet with the SYN bit set, the first step of the well-known TCP three-way handshake. The victim responds to the request by sending a reply packet with the SYN_ACK bit set, but the attacker never responds, thereby filling the TCP receive queues and denying new TCP connections. Modern UNIX and Windows systems fixed this by increasing the queue size and limiting the number of TCP SYN packets allowed.

UDP attacks : UDP is one of the most effective ways of carrying out DDoS/DoS attacks. UDP is a stateless protocol and does not have any acknowledgement mechanism by design. PROTOS, the SNMP test suite, and other SNMP tools have been used successfully to launch application-level DoS attacks. The Slammer worm was extremely fast because it did not require a response from the compromised computer.

TTL Expiration : The attacker forges the victim’s IP and sends packets with a low TTL set so that they will expire in transit at a high-speed router. When the TTL reaches zero, the router drops the packet and sends an ICMP TTL expired message to the source address, i.e. the victim’s IP. This attack can be mitigated by rate limiting ICMP on all routers in the service provider’s network.

Permanent DoS attacks (PDoS) : PDoS is an attack that damages the system so badly that it needs the hardware to be replaced or reinstalled. The PDoS is purely a hardware-targeted attack in which the attacker modifies the device firmware by the legitimate method called flashing. The attacker replaces the hardware firmware with his own modified version, which makes the device unstable and renders it useless for the purpose for which it was designed. This is done by exploiting hardware security flaws that allow remote administration of devices such as routers, printers and other networking hardware.

Degradation Of Service Attacks : The compromised computers are used by the attackers to launch short-lived floods on the victim’s website, which slow down the website rather than crashing it. This is degradation of service rather than denial of service and is more serious than DoS, as it is pretty difficult to detect and resolve.

Un-intentional Denial Of Services : A sudden spike in popularity for a website is the major cause of this. It happens when an extremely popular website posts a link to a second site as a reference for news or an article. This leads to a significant increase in traffic to the secondary website, which results in crashing of the server/services. An example of this happened when Michael Jackson died in 2009, which took down sites like Google and Twitter. (In this case you can’t just blame someone ;) )

Blind Denial Of Service : If the attacker must be able to receive traffic from the victim, then the attacker must either subvert the routing fabric or use the attacker’s own IP address. Either provides an opportunity for the victim to track the attacker and/or filter out his traffic. With a blind attack the attacker uses forged IP addresses, making it extremely difficult for the victim to filter out those packets. The TCP SYN flood attack is an example of a blind attack. Designers should make every attempt possible to prevent blind denial of service attacks.
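
A detection sketch for the TCP SYN flood and blind denial of service paragraphs above, added here as an example and not part of the original post: it counts half-open (SYN-RECV) connections per listening port from `ss -tan` output. The sample output is constructed with documentation IP ranges, and the function names and any threshold passed in are assumptions to tune per server.

```python
from collections import Counter

# Constructed sample in the layout printed by `ss -tan` (documentation IPs).
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
SYN-RECV  0      0      192.0.2.10:80       198.51.100.7:51234
SYN-RECV  0      0      192.0.2.10:80       203.0.113.9:40211
SYN-RECV  0      0      192.0.2.10:80       198.51.100.88:1029
SYN-RECV  0      0      192.0.2.10:80       203.0.113.150:62001
ESTAB     0      0      192.0.2.10:80       198.51.100.20:55310
SYN-RECV  0      0      192.0.2.10:22       203.0.113.5:40022
ESTAB     0      0      192.0.2.10:22       203.0.113.5:40020
"""


def half_open_by_port(ss_output):
    """Count half-open (SYN-RECV) connections per local port."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        # rsplit keeps IPv6 local addresses such as [::1]:80 intact.
        port = fields[3].rsplit(":", 1)[1]
        counts[int(port)] += 1
    return counts


def ports_under_syn_pressure(ss_output, threshold):
    """Return the ports whose half-open count reaches the threshold, sorted.

    Counting per listening port rather than per peer is deliberate: in a
    blind attack the peer addresses are forged, so they carry no signal.
    """
    counts = half_open_by_port(ss_output)
    return sorted(p for p, n in counts.items() if n >= threshold)
```

Run against live `ss -tan` output at intervals, a port whose half-open count stays high while established connections do not grow is the pattern the SYN flood paragraph describes.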


About this blog

This blog acts as a knowledge repository for the world and is unofficial! Anything we find interesting in the cyber world will go here. In most cases, this blog will reflect the happiness of our staff in reaching a successful solution to an issue (s)he worked on. It is a reference for other fellow SAGEs who come across similar issues later.