Configuring cPanel on an AWS EC2 instance
I want to share my experience of setting up a cPanel server on an EC2 instance.
The server needed to be configured to host multiple websites, domains, their DNS zones and email, so that everything looks like shared hosting. First of all I set up a small EC2 instance with CentOS 5.6 installed on it. Then I installed cPanel on the server. I also added an Elastic IP address to the server to use as its external IP address. When I got to the step of configuring cPanel I got very confused. Here is what confused me:
1. If I configured everything using the Elastic IP address, I got the default cPanel/WHM web page (saying that there is some misconfiguration or the domain has been moved to another IP address) when I went to a domain name pointed to the server. I checked all config files and the DNS zone of the domain 100500 times and it still did not work.
2. If I configured everything on the server side using the local/private IP address of the EC2 instance and used the Elastic IP to point the domain to the server, the DNS zone of the domain showed the private IP instead of the Elastic one, and the website did not work either.
After that I read many articles on the AWS forum and came to the conclusion that cPanel does not work correctly with NAT (an architecture where the server uses two IP addresses: local/private and external/Elastic), which is used on EC2 servers. All external requests reach the server through the Elastic IP or the public DNS name of the server, while inside the server everything is configured using the local IP. So here is what you need to do to configure a cPanel server for shared hosting on an EC2 instance:
1. Install cPanel on the server;
2. Set the local/private IP address as the main IP address of your server in the WHM settings, so that all settings on the server relate to your private IP address (i.e. domains will be pointed to the local IP in the Apache config file);
3. Edit the DNS zone template in WHM and put the Elastic IP address there instead of the main/local IP. You will then have the external/Elastic IP address in the DNS zones of main domains and addon domains when they are added to the server. But there is a problem with subdomains. The change we made to the DNS zone template does not affect the creation of subdomains, and they will be created using the local IP address. That means that subdomains will not work. To fix this I had to create a little script which checks files with the .db extension in the /var/named/ folder and replaces the local IP with the external IP in them. I added that script to cron to run every 30 minutes. Here is an example of the script I used:
/usr/bin/find /var/named/ -maxdepth 1 -type f -name "*.db" -exec replace "privateIP" "elasticIP" -- {} \; && rndc reload
This allows you to have everything on the server side configured using the private IP while the DNS zones are configured using the Elastic IP. In this case your cPanel server will work correctly.
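The same zone rewrite as an added example (not the author's script): it replaces only whole addresses, so a private IP such as 10.0.0.5 does not also rewrite 10.0.0.50, and it reloads named only when a file actually changed. The function names and the arguments passed to main are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Function names are hypothetical.

# Escape dots so "10.0.0.5" is matched literally by sed.
escape_ip() { printf '%s' "$1" | sed 's/\./\\./g'; }

# Rewrite one zone file. Only whole addresses are replaced, so 10.0.0.5 does
# not touch 10.0.0.50 or 110.0.0.5. Returns 0 if the file changed, 1 if not.
rewrite_zone() {
    zone=$1; private=$(escape_ip "$2"); elastic=$3
    tmp=$(mktemp) || return 2
    sed -E "s/(^|[^0-9.])${private}([^0-9.]|\$)/\\1${elastic}\\2/g" "$zone" > "$tmp"
    if cmp -s "$zone" "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    cat "$tmp" > "$zone"   # write in place: keeps owner and mode of the zone file
    rm -f "$tmp"; return 0
}

# Rewrite every *.db file in a directory and print the number of files changed.
rewrite_zone_dir() {
    dir=$1; changed=0
    for f in "$dir"/*.db; do
        [ -f "$f" ] || continue
        if rewrite_zone "$f" "$2" "$3"; then changed=$((changed + 1)); fi
    done
    echo "$changed"
}

# Cron entry point: reload named only when something was rewritten.
main() {
    n=$(rewrite_zone_dir "$1" "$2" "$3")
    if [ "$n" -gt 0 ]; then rndc reload; fi
}

# Run as: sh thisscript.sh /var/named <private-ip> <elastic-ip>
if [ $# -eq 3 ]; then main "$@"; fi
```

If the zones are also served by secondary name servers, the SOA serial has to be increased as well for the change to propagate; this example does not do that.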
I hope this article helps someone avoid the confusion and problems I had with setting up cPanel on EC2.
php 5.3,5.4 installer v1
Here we would like to share instructions on how to get PHP 5.3 or 5.4 working on a server with PHP 5.2 already installed, so that you have two versions of PHP running simultaneously. These instructions assume that you have root access to the server. I must also say that the script is written for PHP running in suPHP mode.
1. Download and run the installer:
cd /usr/local/src/ && wget -q -c -O php53.sh http://hostingbash.com/scripts/php53.sh && sh php53.sh
2. The script will ask you to select a PHP version. Installation takes ~15-20 minutes.
3. If the installation was successful, the new PHP handler will be displayed.
4. Restart Apache:
/etc/init.d/httpd restart
5. You just need to add the new handler to .htaccess. This script can install several PHP versions on the same server and it creates a unique PHP handler for each new PHP version.
P.S. The direct link (http://hostingbash.com/scripts/php53.sh) does not work because this script is open only to JH/SG/HC servers.
I will add support for FastCGI/mod_php as soon as possible.
(Please send all errors/fixes/notices/ideas to lev4ykaol@gmail.com)
Protecting your WordPress
WordPress is one of the greatest CMSs, as is Joomla!. That is why hackers like to hack it too. Here we will review tips on how to protect your blog from unauthorized access.
The simple answer to protecting your WordPress blog is to upgrade immediately when a mandatory security upgrade is announced.
The most important steps to protect your WordPress:
- Upgrade to the latest version of WordPress and use the new automatic upgrade feature to keep your blog current and secure as possible.
- Backup, backup, backup. Backup your blog’s database. Backup your Theme. Backup your Plugins. Backup all content on your server. Backup everything on a regular basis, and learn how to restore your WordPress blog.
- Use strong passwords for your WordPress blog, as well as FTP, MySQL, and other web access.
- If you changed your server file permissions to open access during testing, making the directories writable and hackable, change them back to a more secure setting.
- Use WordPress Themes and Plugins from known and respected sources like the official WordPress Plugin Directory and WordPress Theme Directory.
- Monitor your WordPress Theme author’s blog regularly for announcements of upgrades. Future versions of WordPress will have an auto upgrade and notification feature for WordPress Themes, making this easier to track and upgrade.
- Use WordPress Plugins found in the WordPress Plugin Directory in order to take advantage of notification and warnings about Plugins through the Administration Panels Plugin update feature.
- If you are reliant upon a WordPress Plugin not in the WordPress Plugin Directory, monitor their site and other WordPress news sites for mention of vulnerabilities or upgrades and upgrade immediately if one is found.
- Monitor WordPress news sites for information on security issues and respond immediately to upgrades and patches.
To find more tips on this problem see:
13 Vital Tips and Hacks to Protect Your WordPress Admin Area
WordPress optimization for shared hosting
How to prevent your WordPress installation from overloading your shared server (or how to survive the Digg effect on your WordPress blog):
WordPress blogs can be extremely resource intensive if you happen to experience a surge in traffic. Poorly implemented WordPress setups can place a high load on web servers and lead to interruptions of service or account suspensions for using too many resources. Here are some tips that can help you make your WordPress install more stable.
1. Use one of the following cache plugins:
a) WordPress Super Cache plugin (http://wordpress.org/extend/plugins/wp-super-cache/) – The number one thing you can do to improve WordPress performance is install a page cache. The WordPress Super Cache plugin is an extensive modification of the WP-Cache plugin. It serializes your posts to a file on disk and later spits them back. It also knows how to update itself when comments are received, etc., so your site is always the most up to date. I cannot recommend this plugin enough if you wish to have a stable and responsive WordPress install. Note: to use this plugin you must have mod_rewrite enabled. Add the following to your .htaccess file:
Options +FollowSymLinks
RewriteEngine On
Please see http://wordpress.org/extend/plugins/wp-super-cache/ for more information.
b) Quick Cache (a WP Super Cache alternative)
The Quick Cache plugin uses configuration options that you select from the options panel. See: Config Options under Quick Cache. Once a file has been cached, Quick Cache uses advanced techniques that allow it to recognize when it should and should not serve a cached version of the file. The decision engine that drives these techniques is under your complete control through options on the back-end.
Please visit http://wordpress.org/extend/plugins/quick-cache/ to get more information about this plugin.
2. WP built-in object cache – The default installation of WordPress can be used to cache database queries. Fewer database queries = fewer resources being used, and that makes us all happy. Just add the following line to your wp-config.php file:
// Enable the WordPress Object Cache:
define('ENABLE_CACHE', true);
3. Review your plugins – You should go through the plugins you have installed and see if there is a way to make them faster. Any way in which you can make them stop creating database queries and use flat files, or even better, cache things, will help out greatly. If you find that a particular plugin is slowing down your WordPress install you should uninstall the plugin and consult the author. Most plugin developers love to hear feedback and would greatly appreciate your help.
4. Use a plugin monitor to see which plugins are using your resources. You can download pluginhogdetector from http://money.bigbucksblogger.com/pluginhogdetector-plugin-helps-you-find-cpu-hogging-plugins/. Just deactivate it when you're not monitoring, as it will use a lot of resources too.
5. If you are doing media-rich applications and serving large files you may want to consider hosting these files on a VPS or dedicated server.
6. Keep your WordPress install up to date.
Joomla optimization tips
On shared hosting you can get your Joomla! website suspended if it is popular and not optimized. The Joomla! CMS uses many components and extensions that can overload a shared server.
So, here are some tips on how you can optimize your Joomla! website for better performance:
- Reduce the number of articles which appear on your front page.
- Enable caching for your Joomla.
- Disable/remove all components/modules/plugins you are not using.
- Install an additional database optimization component such as this one.
- Enable debugging from the Joomla admin area > Global Configuration and check the number of queries executed. The higher the number, the slower your application will run. If the number of queries exceeds 50, you may consider disabling the extension which is making the most queries.
- Check your website using this online tool. It will give you valuable information on what modifications can be made in order to improve its performance.
- Decrease the number of external and internal links on your pages. Leave only the most important ones.
Few tips to protect your joomla from hacking
Joomla! is a very popular CMS that is used by millions of us. There are many Joomla! components and extensions that make our life easier. But there is a problem: hackers. Those people always try to hack someone's website or server. In recent months/days I have found more and more hacked Joomla! websites, so I decided to share some information about how you can secure your Joomla!. Before we start, you should always remember to make backups of your files and databases. If you have a backup then you can restore it and get your site live again without any problems.
Change the default database prefix (jos_)
Most SQL injections written to hack a Joomla! website try to retrieve data from the jos_users table. This way, they can retrieve the username and password of the super administrator of the website. Changing the default prefix to something random will prevent (most / all) of these SQL injections, because the table name they expect no longer exists.
You can set the database prefix when installing your Joomla! website. If you've already installed Joomla! and want to change your prefix, do the following:
- Log on to your Joomla! back-end.
- Go to your global configuration and search for the database settings.
- Change your database prefix (Example: asdfg_) and press Save.
- Go to phpMyAdmin to access your database.
- Go to export, leave all default values and press Start. Exporting the database can take a while.
- When done, select all code and copy it to Notepad (or any other text editor).
- In phpMyAdmin, select all tables and delete them.
- In Notepad, do a Search & Replace (Ctrl + H). Set the search term to jos_ and change it into your new prefix (Example: asdfg_). Press "Replace all".
- Select everything in your notepad file and copy it. In phpMyAdmin, go to SQL, paste the queries and press Start.
Remove version number / name of extensions
Most vulnerabilities only occur in a specific release of a specific extension. Showing MyExtension version 2.14 is a really bad thing. You can modify this message to only the name of the extension by doing the following:
- Retrieve all files of the extension from your server.
- Open up Dreamweaver.
- Load any file from the extension that you just downloaded to your local machine.
- Use the Search function and set the search to Search through specified folder. Navigate to the folder where you downloaded the extension to.
- Set the search term to "MyExtension version 2.14" and press OK.
- When you have found the correct file, remove the version number.
- Upload the changed file to your server and check if the changes are made.
Use a SEF component
Most hackers use the Google inurl: command to search for a vulnerable exploit. Use Artio, SH404SEF or another SEF component to rewrite your URLs and prevent hackers from finding the exploits.
Additionally, you'll get a higher rank in Google when using search engine friendly URLs.
Keep Joomla! and extensions up to date
This one is pretty obvious. Always check for the latest versions of Joomla! and the extensions you're using. Most of the time, vulnerabilities are resolved in later versions.
Use the correct CHMOD for each folder and file
Setting files or folders to a CHMOD of 777 or 707 is only necessary when a script needs to write to that file or directory. All other files should have the following configuration:
- PHP files: 644
- Config files: 666
- Other folders: 755
On servers which run PHP under SuExec you need to use 644 permissions for all files and 755 for all folders. In this case you don't need to set 666 permissions for files or 777 permissions for folders.
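A way to check a document root against the 644/755 rule above, as an added example that is not part of the original post: it lists every file or folder that group or others can write to, and can reset only those entries. The function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print every file or directory under $1 that group or others can write to
# (666, 777, 707 and similar modes). Output: "F <path>" or "D <path>".
# Symlinks are not followed; paths containing newlines are not supported.
list_loose() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print | sed 's/^/F /'
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print | sed 's/^/D /'
}

# Number of loose entries, for use in a cron check or monitoring script.
count_loose() { list_loose "$1" | wc -l | tr -d ' '; }

# Reset only the loose entries: files to 644, directories to 755.
# Entries that are already stricter (for example a 600 file) are left alone.
tighten() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -exec chmod 644 {} +
    find "$1" -type d \( -perm -020 -o -perm -002 \) -exec chmod 755 {} +
}

# Run as: sh thisscript.sh /path/to/docroot   (report only, changes nothing)
if [ $# -ge 1 ]; then list_loose "$1"; fi
```

Run the report first and call tighten only on a suPHP/SuExec server, where scripts run as the account owner and do not need group or world write access.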
Delete leftover files
When you have installed an extension that you didn't like, don't just set the extension to unpublished. If you do, the vulnerable files will still be on your website. Simply use the uninstall function to get rid of the extension completely.
Change your .htaccess file
Add the following lines to your .htaccess file to block out some common exploits.
===========================================================
########## Begin - Rewrite rules to block out some common exploits
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|%[0-9A-Z]{0,2}) [OR]
# Block out any script that tries to set CONFIG_EXT (com_extcal2 issue)
RewriteCond %{QUERY_STRING} CONFIG_EXT(\[|%20|%5B).*= [NC,OR]
# Block out any script that tries to set sbp or sb_authorname via URL (simpleboard)
RewriteCond %{QUERY_STRING} sbp(=|%20|%3D) [OR]
RewriteCond %{QUERY_STRING} sb_authorname(=|%20|%3D)
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits
==================================================================
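To see which clients are sending the requests these rules block, the same query-string patterns can be run over an Apache access log. This is an added example, not part of the original post; it assumes the combined log format, writes the patterns with the literal brackets and parentheses escaped for grep -E, and uses constructed sample log lines and hypothetical function names.

```shell
#!/bin/sh
# Added example: the query-string patterns from the rewrite rules as grep -E
# expressions. Function names and the sample log lines are constructed.
CASE_RULES='mosConfig_[a-zA-Z_]{1,21}(=|%3D)|base64_encode.*\(.*\)'
CASE_RULES="$CASE_RULES"'|GLOBALS(=|\[|%[0-9A-Z]{0,2})|_REQUEST(=|\[|%[0-9A-Z]{0,2})'
CASE_RULES="$CASE_RULES"'|sbp(=|%20|%3D)|sb_authorname(=|%20|%3D)'
# These two rules carry the [NC] flag, so they are matched case-insensitively.
NOCASE_RULES='(<|%3C).*script.*(>|%3E)|CONFIG_EXT(\[|%20|%5B).*='

# Read combined-format access-log lines on stdin and print
# "<client> <query string>" for every request one of the rules would block.
probe_hits() {
    q=$(awk '{ n = index($7, "?"); if (n) print $1, substr($7, n + 1) }')
    {
        printf '%s\n' "$q" | grep -E  "$CASE_RULES"   || true
        printf '%s\n' "$q" | grep -Ei "$NOCASE_RULES" || true
    } | sort -u
}

# Summarise the hits as "<client> <number of distinct blocked queries>".
probe_clients() {
    probe_hits | cut -d' ' -f1 | sort | uniq -c | awk '{ print $2, $1 }'
}

# Constructed sample input (documentation address ranges only).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Jan/2012:10:00:00 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2012:10:00:05 +0000] "GET /index.php?option=com_x&mosConfig_absolute_path=test HTTP/1.1" 403 210 "-" "-"
198.51.100.7 - - [01/Jan/2012:10:00:06 +0000] "GET /index.php?q=%3CScRiPt%3Ex%3C/script%3E HTTP/1.1" 403 210 "-" "-"
203.0.113.9 - - [01/Jan/2012:10:00:09 +0000] "GET /index.php?GLOBALS[x]=1 HTTP/1.1" 403 210 "-" "-"
192.0.2.10 - - [01/Jan/2012:10:01:00 +0000] "GET /images/logo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"
EOF
}

# Demo on the constructed sample; for a real log: probe_clients < access_log
sample_log | probe_clients
```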
For more Joomla! security tips, you can read the following:
- Joomla Administrators Security Checklist
- Visit the Joomla! security forums (1.0 and 1.5)
Keep an eye on websites listing Joomla! vulnerabilities:
Hey
Welcome to my first blog! I hope things will go well and I will not be too lazy to post some useful information here.




