There’s a new POODLE in town [Fix vulnerability] [cPanel servers]

Hello Guys,

We are getting mails from client that to check the POODLE vulnerability check on their servers. To check if the server is vulnerable do;

openssl s_client -connect ServerIP:443 -ssl3

If you get

CONNECTED(00000003)
140051818760008:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
140051818760008:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

It's not vulnerable to POODLE. If the result showing any other result then perform below steps;

Go to

WHM » Home » Service Configuration » Apache Configuration » Global Configuration

SSL Cipher Suite: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL

After that;

Go to

Home » Service Configuration » Apache Configuration » Include Editor » Pre Main Include

Select all versions, then add below lines (for CentOS/RHEL 6.x:)

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

Select all versions, then add below lines (CentOS/RHEL 5.x:)

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1

Then update.

It will resolve the issue :)

Note: Make sure to run the command that you ran at front to confirm things before updating the client.

Backup all MySQL DB in Plesk

You can use the below script to take all DB backup to local folder. 

It will take compressed format. 

#!/bin/bash
# Jared Earle, 2008-03-28, BD-NTWK
# Set the datestamp, login credentials and backup directory
export date=$(date +\%Y\%m\%d)
export creds="-uadmin -p`cat /etc/psa/.psa.shadow`"
export backupdir="/local/backup/folder"
# delete week old files
find ${backupdir}/ -regex '.*.dump.gz' -mtime +6 -exec rm {} \;
# dump databases to the backupdir
echo "show databases;" | mysql ${creds} | egrep -v ^Database$ | \
        awk '{print "mysqldump ${creds} "$1" | \
        gzip > ${backupdir}/db-"$1"-${date}.dump.gz"}' | \
        sh

Thanks to http://23x.net/ 

WordPress Multisite Images not Working

If you run out the issue with the Image loading in your WP multisite then, use the below htaccess rules in your site's document root.


====================
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule . index.php [L]

</IfModule>
# END WordPress
====================


It will resolve the issue for you.

How to manage "Error establishing database connection" error

1. The first thing that you need to verify that MySQL server running fine or not. If it's not running see the error log in

/var/lib/mysql/hostname.err

You will get the error from there. Fix the error and start the MySQL instant.

2. Sometime you will see this error even after successful restart of MySQL server. You need to make sure the error is not there for all sites. If it's only for one domain, then  it's due to one particular database connection string.

You need to make sure the database user has enough permission over the database. Also update the password of the database user from WHM >> SQL user password reset
option as per the site's configuration file.

This will fix the issue

3. If everything updated correctly and the error still appears then, please see if that database is corrupted or not. You can check this by taking a backup of the database using mysqldump. If it's showing any error for any table fix the table and the error will disappear.

In some WP site, WP-super cache plugin caused some caching issue. So consider the cache settings too, while handling WP sites.

How to Get Rid of Heartbleed Bug

   The best way to get rid of  "Heartbleed Bug" is to upgrade OpenSSL version to the latest one.

Please follow below script to update OpenSSL

curl https://www.openssl.org/source/openssl-1.0.1g.tar.gz | tar xz && cd openssl-1.0.1g && ./config && make && make install

ln -sf /usr/local/ssl/bin/openssl `which openssl`

openssl version

You are done :)