ISP Problem Solving Blog, Software Development and More

Mor-Pah.net

Category Archives: plesk

Plesk 12 + CentOS 6 + Mod_security not working or blocking?

Posted on by Posted in plesk Leave a comment

So, you need to enable the ‘Web Application Firewall’ (aka Mod_security) on Plesk 12 and CentOS 6?

I personally had quite a few problems getting this working in the beginning. When I finally got Mod_security installed via plesk and turned on I found that it wasn’t actually blocking anything. One way to test whether Mod_security is working or not is to navigate to http://www.domain.tld/etc/passwd . If you instantly get a 403 Forbidden chances are it’s working fine, if not and you are running Plesk 12 and CentOS 6.X, try the below.

First, find out what RPM packages you have installed (ignore the yum plugin listed). In some cases I had an old 2.7.3 mod_security listed which is no good.

[root@server yum]# rpm --query --all | grep security
plesk-modsecurity-configurator-12.0.18-cos6.build1200140724.12.noarch
yum-plugin-security-1.1.30-30.el6.noarch
plesk-modsecurity-crs-12.0.14-14033112.x86_64
mod_security-2.8.0-24.el6.art.x86_64

Next, remove those packages (excluding the yum one listed).

[root@server yum]# rpm --erase plesk-modsecurity-configurator-12.0.18-cos6.build1200140724.12.noarch plesk-modsecurity-crs-12.0.14-14033112.x86_64 mod_security-2.8.0-24.el6.art.x86_64

Now, manually download the right RPM’s from plesk directly and install them. 

[root@server temp]# wget http://autoinstall.plesk.com/PSA_12.0.18/dist-rpm-RedHat-el6-x86_64/opt/hosting/modsecurity/mod_security-2.8.0-14061715.x86_64.rpm
[root@server temp]# wget http://autoinstall.plesk.com/PSA_12.0.18/dist-rpm-RedHat-el6-x86_64/opt/hosting/modsecurity/plesk-modsecurity-configurator-12.0.18-rhel6.build1200140724.12.noarch.rpm
[root@server temp]# wget http://autoinstall.plesk.com/PSA_12.0.18/dist-rpm-RedHat-el6-x86_64/opt/hosting/modsecurity/plesk-modsecurity-crs-12.0.14-14033111.x86_64.rpm
[root@web18 temp]# rpm -i mod_security-2.8.0-14061715.x86_64.rpm plesk-modsecurity-configurator-12.0.18-rhel6.build1200140724.12.noarch.rpm plesk-modsecurity-crs-12.0.14-14033111.x86_64.rpm

If all installed ok, head to plesk and turn ‘ON’ the Web Application Firewall under Tools & settings. If you already had it on, try turning it off and on again 😉

Hope this helps!

Decrypt Plesk 11 passwords

Posted on by Posted in plesk 7 Comments

We had a need to decrypt plesk passwords upon request to interface with another system so after a bit of playing about the following code is what we landed at:-

<?php

$key = file_get_contents("/etc/psa/private/secret_key");

$hash = explode('

Just pass the AES string in its entirety from the psa database.

Hope this helps people :)

James
, '$AES-128-CBC$some-example-string==$some-example-salt==');

$iv = base64_decode($hash[2]);
$ct = base64_decode($hash[3]);

$dec = str_replace("\0", "", mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $ct , MCRYPT_MODE_CBC, $iv));

echo($dec);

?>

Just pass the AES string in its entirety from the psa database.

Hope this helps people 🙂

James

Unable to Complete Switching to the Panel 10 Business Model

Posted on by Posted in plesk Leave a comment

I’ve recently been involved in upgrading a number of Parallels Plesk installations from version 9.5.4 (or sometimes earlier) to 10.4.4+.  Because of the model changes between version 9 and version 10 during the upgrade a bootstrap script runs which tries to convert the majority of clients and domains into customers and ‘custom subscriptions’.  Unfortunately for a lot of setups this isn’t entirely straight forward and after the installation completes under the ‘Tools’ menu there’s an option named ‘Complete Switching to the Panel 10 Business Model’ which must be run to transition any remaining customers and subscriptions that do not ‘fit’.

For the majority you can use the recommended actions in completing the transitions and most customers and subscriptions will transition fine. If not, maybe the below scenarios will help:

1. If you receive the error ‘Error: Some of the selected customers and subscriptions were not transitioned.’ then to fix this you will need to use the selective transition model under ‘selective transition of customers’ OR ‘selective transition of Subscriptions’ and try applying an alternative transition scheme – hopefully this will work.  You may find that by traversing into an individual customer or subscription and using the ‘Apply Transition Scheme’ may give more useful errors, i.e. ‘Domain limits exceeding Subscription’.

2. If  you find that you’re left with a lot of customers and subscriptions that will not transition and there’s no error the only way to work around this is to move the subscriptions to one customer then move them back by using the ‘change subscriber’.

Hope this helps!

Jay Greig

Plesk 10 and 11 Scheduled Tasks

Posted on by Posted in plesk 5 Comments

I came across an issue recently with plesk control panel not playing ball with scheduled tasks / cron jobs.  Since version 10, plesk places all users into a chroot in their home directory when performing tasks such as cron jobs.  The problem with this is that when customers follow the guides of their CMS or any other application by them entering something like the following:

‘/usr/bin/php /var/www/vhosts/site.com/httpdocs/cron.php

They will find that the above fails miserably no matter how hard they try, ‘wget’, ‘curl’ no matter what as below:

/usr/bin/php: No such file or directory
/usr/bin/wget: No such file or directory
/usr/bin/curl: No such file or directory

Reason for this is that each user has a chroot with a number of binaries available to them in ‘/var/www/vhosts/site.com/bin’ and you’ll find there’s no ‘php’ binary in there.  One method around this is to link php into the chroot but an easier way if you do not need the chroot is to switch things back to how they were by running the following on the server:

/usr/local/psa/bin/server_pref -u -crontab-secure-shell “/bin/sh”

This will tell the plesk built-in scheduler / cron handler to use normal /bin/sh allowing references to ‘/usr/bin/php’ to work.

Hope this helps people!

Jay Greig