VestaCP and CentOS 7 Issues

I’ve been using VestaCP for about a year now ever since I switched from Hostgator to a VPS with OVH.

Today I upgraded the VPS OS to CentOS 7 as VestaCP now supports that version as of v0.9.8 release 15.

Two problems became apparent immediately, one of which caused the CPU load to be consistently more than 1. Both are simple configuration errors to fix.

ClamAV

ClamAV caused the CPU to run amok. The error logs showed that it could not control /var/run/clamav/clamd.sock and checking this showed that the file and the directory (/var/run/clamav) had the wrong owner.

In the VestaCP control panel, stop the service so that it no longer tries to start, then log into your server via SSH. Set the ownership of both the directory and the file to clam:clam – if the socket file doesn’t exist you can create it with touch and then set the ownership.

Upon restarting the service you should see the CPU load drop dramatically.

NGINX

For some reason VestaCP’s installer puts a link to a configuration file for Apache in the nginx config. This stops the service from starting which is why no websites are served!

Edit /etc/nginx/conf.d/vesta.conf and comment out the line ending in /httpd.conf (there are only 5 lines in the file so it won’t take long).

The service should now start.
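
The two fixes above as a re-runnable shell script. This is an added example, not part of the original post and not VestaCP code; the paths and the clam:clam owner are from the post, while the function names and the demo config contents are constructed.

```bash
#!/bin/bash
# Added example, not VestaCP code. Paths and clam:clam are from the post;
# function names and the demo config are constructed for illustration.
CLAM_DIR=/var/run/clamav
CLAM_SOCK=$CLAM_DIR/clamd.sock
VESTA_CONF=/etc/nginx/conf.d/vesta.conf

# True only if path $1 exists and is owned by exactly $2 (user:group).
owner_is() {
    [ -e "$1" ] && [ "$(stat -c '%U:%G' "$1")" = "$2" ]
}

# $1=dir $2=socket $3=user:group. Creates the socket path if missing (as the
# post suggests), chowns only what is wrong, then re-checks both.
fix_clam_ownership() {
    [ -d "$1" ] || return 1
    [ -e "$2" ] || touch "$2"
    owner_is "$1" "$3" || chown "$3" "$1" || return 1
    owner_is "$2" "$3" || chown "$3" "$2" || return 1
    owner_is "$1" "$3" && owner_is "$2" "$3"
}

# Comment out active lines ending in /httpd.conf (optional trailing ';'),
# keeping a .bak copy. Already-commented lines are untouched, so re-running
# is harmless.
disable_httpd_include() {
    [ -f "$1" ] || return 1
    sed -i.bak -E \
        's|^([[:space:]]*)([^#[:space:]].*/httpd\.conf;?[[:space:]]*)$|\1#\2|' "$1"
}

# Offline demo on a constructed config; prints the file after the edit.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'include /example/nginx/a.conf;' \
        'include /example/apache/httpd.conf;' > "$tmp/vesta.conf"
    disable_httpd_include "$tmp/vesta.conf" && cat "$tmp/vesta.conf"
    rm -rf "$tmp"
}

case "${1:-}" in
    --demo)  demo ;;
    --apply) # as root, with clamd stopped from the VestaCP panel
        fix_clam_ownership "$CLAM_DIR" "$CLAM_SOCK" clam:clam
        disable_httpd_include "$VESTA_CONF" && nginx -t ;;
esac
```

Run it with --demo to see the edit on the constructed file, or with --apply as root to change the real paths; nginx -t then validates the configuration before you start the service.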

Links

CentOS – http://www.centos.org
VestaCP – http://www.vestacp.com
OVH – http://www.ovh.com

My Blog Has Been Hacked
and What I Did About It

I don’t know about you but I don’t look at my own websites very often. Create a new page or blog post, check it looks OK and move on.

So imagine my surprise and horror when I was checking all my blogs after updating to the latest version of WordPress to discover that this blog had been well and truly hacked. What was interesting was what the hack did which is why I’ve decided to share this with the world rather than bury my head in shame.

When you loaded this site, everything looked normal for about 5 seconds and then you were redirected to another site via what looked like a couple of intermediate/proxy servers. When I first spotted this, I was taken to the listing page for a Chinese TV company which rather shook me as it is not as if my blog is mega popular (I wish!).

Given that in a former life, I founded and ran a very large UK based ISP, I’m used to dealing with hacks such as this. So I fired up an FTP client and logged into my hosting account to see what I could see. I wasn’t expecting to find much in all honesty as I reckoned that any halfway decent hacker would make sure that the date and time stamp on any changed files was the same as the original so as not to arouse suspicion. Having said that, I have seen instances of what we called “script kiddies” who changed things for fun and didn’t care what traces they left behind. Anyway, as I suspected, nothing obvious.

So then I logged into WordPress and decided to change from the K2 theme (1.08 RC) I was running to the default to see whether the hack was theme related or WordPress core specific. And the site worked so the finger was pointing at the K2 theme.

Now that I knew I could stop the hack immediately, I put the K2 theme back and had a play with the site. That was when this hack became interesting. If I clicked on a link within a topic (I have Twitter Tools installed so this was easy to do), I was correctly taken to the linked page. I had just reloaded my blog when the phone rang, and when I looked back, I had been redirected to the link I had just chosen. Further testing showed that this hack always redirected the site to the last clicked link. I’ve not seen this before but I thought/think it was rather neat in a sick kind of way.

Anyway I’ve now upgraded to the latest version of K2 (which was long overdue) and changed the passwords on all my sites as a precaution.

You have been warned!

Is a software flaw worth a life?

For about 18 months I’ve been a very happy user of VAServ’s cheap and cheerful VPS platform. The control panel was called LXAdmin (later renamed to Kloxo). A major series of security bugs was found a few weeks ago, and last Sunday the security company that identified the bugs decided in their wisdom to publish the bug list online because they had not had a response to their emails to LXLabs.

Well the sky fell in, and the fall out has been very painful. VAServ lost just about everything: over 100,000 domains taken off line while they tried to fix the break-in/security breach(es). For this company the pain is awful as they have been forced to be acquired (as far as I understand the email I received) by their UK datacentre partner who supplied man power to help out. I doubt the owner, who spent years building his company up, received very much if anything for it.

I lost all my domains. The reason you are seeing this is because I was forced to move to Hostgator to try and get my domains back up and running – I’m one of the lucky ones in that I had full backups of all my sites, both SQL and themes/plugins etc. Not everyone will have been so lucky.

Which brings me to the unfortunate owner of LXLabs who sadly appears to have committed suicide on Monday.

Is a software flaw, no matter how serious, really worth a life?

Google as a saviour

The CEO of a company I chair has created a very interesting blog based around irreverent thinking.

Unfortunately it was hosted temporarily on my now defunct hosting platform.

I thought he had a backup of the database. He thought I did. Result? Panic all round!

But Google Cache saved the day. We lost one comment, but as I knew the commentator personally, a quick email telling them what had happened resulted in them recreating it.

End result? Blushes all round (and a proper daily backup routine) but ultimately a huge sigh of relief!

Google is getting an increasingly bad press as people worry about how much power it wields and how much personal data it collects, but in this case it really did prove to be a saviour. Respect.

I’m Going Japanese (or Moving My Web Hosting Part III)

I’m close to totally losing it! Another one of my hosts has decided to cease operations (as far as I can see) without having the courtesy to tell anyone least of all their clients. Or the data center has been badly damaged by the current storms in the USA. But my money’s on the former 🙁

The first indication I had that there was a problem was when my server monitoring software started telling me that various services on that server were shutting down. Stupidly I didn’t react and pull a backup of a client’s blog on which we’d lavished a lot of time and effort. But as this was not an unusual occurrence, I didn’t react as I have (had) root access to the box and can (could) reboot it any time I liked.

However …

About an hour after the warnings, the box failed to respond to a ping and has been dead ever since.

And the moral is? Never ignore warnings like this and always take regular backups.

Insanity Rules OK (or Moving My Web Hosting Part II)

Hmmm, well moving my web hosting was even more painful than I expected. Rather than 1 host, I now have 3!

Why?

Because hosts are not as honest as they should be and 99.9% uptime is a meaningless statistic if they are not being truthful. My first new host worked perfectly with the test account and had zero downtime in almost a month. So having spent 2 weeks moving accounts over (all 120 domains for myself and clients), the downtime went through the roof – about 15%. Result? Some very angry clients and sleepless nights for me.

Moving on to host #2, we had good uptime (99.8% which, having founded an ISP I know is a pretty decent figure) but a problematic CPanel installation/memory issue which would all too frequently return blank pages requiring a service restart. The data centre swear blind that there is no problem despite the fact that I’ve forwarded the logs that clearly show that there is. At least, being another CPanel platform, the migration of accounts was painless!

And so on to host #3. I decided to try a VPS (Virtual Private Server) which was not such a big deal for me as I run Gentoo Linux as my OS on my PCs so I’m very comfortable in this type of environment. I also discovered the delights of HostInABox which, whilst being a little rough around the edges, is a very nice control panel and hosting platform.

Funnily enough there has been an upside to all this. I now have 3 hosts rather than just 1 which hasn’t done my SEO any harm as they are on 3 very different class C address blocks. And I can load balance my domain load across them.

But the best thing is that I’m paying considerably less for these 3 than I was for my old host. So maybe I’m not going insane after all!

Moving My Web Hosting

After almost 2 years with my current host I’ve decided that I’ve had enough of the sluggish page loading and really slow control panel access so I’m changing.

As I have several domains on my account, this is not a decision I’ve taken lightly as it will be, I suspect, a nightmare. Why? Because I’m changing control panels to CPanel and it isn’t a simple swap over from my current panel. In fact I’ve spent the last few evenings writing scripts (still to be completed) to do much of the donkey work for me.

But 1 thing has bugged me for days – how to forward an email address to multiple people as the online CPanel help was pretty terse on the subject. Well Google’s your friend and it came up with this little gem

So I’m sorted, if a little mad ….