Home Blog Page 2

Move cPanel Apache domlogs to other location

Move cPanel Apache domlogs to other location


What are domlogs?

Domlogs are the domain logs which are generated for the domain. Web statistics use these logs.
If  these logs are removed, you won’t be able to view the stats for that specific domain.

However the stats will be updated from the next coming day, and you will be able to view the next newly generated stats, but not the old ones, as you have deleted them.
If the logs are consuming more space, you can try to delete the older files say a weeks or a months ago, to free up some space.

Within the domlogs folder each site on the server will have its own log file.  These files will be the fully qualified domain name for the domain, ie domain.com, liquidweb.com.  All http traffic to a site will be logged in this log file.

Default location of domlogs in cPanel :



The problem

Domlogs folder growing very fast when you have many domains in your cPanel or very big traffic websites on your server.

As you can see cPanel recommends  40 GB recommended minimum in your / partition.

P.s. Please check your websites/domains before using thous recommendations from cPanel…






You can move your domlogs folder to other partition by doing this :

service httpd stop
ps ax | grep httpd (Verify that no httpd process still running)
cd /usr/local/apache
mkdir /home2/apache ( Considering /home2 as your new drive)
mv domlogs /home2/apache/
ln -s /home2/apache/domlogs /usr/local/apache/domlogs
ls -la /usr/local/apache/ (Verify the link)
service httpd start

P.S. Warning ! This operation will cause downtime to your web server.


After this operation you can freely enjoy more space on your / partition.

Good luck !


CloudLinux 7 MySql open_files_limit and max_open_files setup

CloudLinux 7 MySql open_files_limit and max_open_files setup


CentOS 7 was released on 7 July 2014 with new systemd format. As the Systemd now replaces SysVinit, it is time to get familiar with it.

With new Systemd in CloudLinux 7 – comes new problems that need to be fixed and solved 🙂

The problem

When you try to change open_files_limit and max_open_files in /etc/my.cnf , the setting in my.cnf ignored completely.

My system is : CloudLinux 7.2 , cPanel v.56 with CageFS, PHPselector, DB_governor, LSPHP.

You can try to see thous settings in mysql with this command , you will see the same numbers as before.

mysql -e "show variables like '%open_%'"


My my.cnf


# Disabling symbolic-links is recommended to prevent assorted security risks




My mysql server logs:

2016-07-17 18:45:42 9775 [Warning] Buffered warning: Could not increase number of max_open_files to more than 1024 (request: 10000)
2016-07-17 18:46:31 10148 [Warning] Buffered warning: Could not increase number of max_open_files to more than 1024 (request: 10000)
2016-07-17 18:47:48 10504 [Warning] Buffered warning: Could not increase number of max_open_files to more than 1024 (request: 10000)
2016-07-17 18:56:04 12480 [Warning] Buffered warning: Could not increase number of max_open_files to more than 1024 (request: 1024000) And restart the server when convenient

A little about CloudLinux 7

CloudLinux OS is an operating system designed specifically for shared hosting providers, developed by computer software company CloudLinux Inc. CloudLinux OS is based on OpenVZ kernel and is fully compatible with CentOS/RHEL packages. CloudLinux OS is designed to improve stability and security on server and to optimize its work on account of isolating tenants on server, setting resource usage limits for them, optimizing work with databases etc.


Possible solution – not helped me 🙁

You can try to change LimitNOFILE option in /usr/lib/systemd/system/mysqld.service  .

Then run:

systemctl daemon-reload
systemctl restart mysql.service


Copy of the mysqld.service file :

Description=MySQL database server


ExecStartPre=/usr/sbin/mysqld-prepare-db-dir %n
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
# per bug #547485
ExecStart=/usr/bin/mysqld_safe --basedir=/usr
ExecStartPost=/usr/sbin/mysqld-wait-ready $MAINPID

# Give a reasonable amount of time for the server to start up/shut down

# Place temp files in a secure directory, not /tmp



Following links might be helpful:



Solution to the problem – THE fix

I have found a solution to edit /usr/lib/systemd/system/mysqld.service and add there:


Those options has been set in it however in [Install] section. I moved them to [Service] section and after “systemctl daemon-reload” and “systemctl restart mysql.service” the value has been applied properly:

mysql> show variables like 'open_file%';
| Variable_name | Value |
| open_files_limit | 65536 |
1 row in set (0.00 sec)

After that change , my.cnf will have full control to open_files_limit and max_open_files and you can successfully change it there and of course restart mysql service after the change.

Things become more complicated with systemd now, looks like that is only one right way to set open_files_limit for mysql now.

However that is a way CentOS7/RHEL7/CloudLinux7 works with new systemd 🙁


Letter from cPanel team

Hello Sergey,

Thank you very much for the additional information, I'm glad to hear that were able to track down the source of the problem, and if they really are incorporating "LimitNOFILE" in systemd's files, then it should be fixed quickly to appear in the "service" section rather than just "install".

In any case, our team will definitely use the information here to update our own internal tools, and hopefully, catch this issue much quicker when we encounter it again.

While I hope that everything's working here now as expected after their suggested changes, please don't hesitate to let me know if you have any other questions or would like for our team to look into anything else and I'll be happy to assist you with anything else you might need.

Best Regards,


Thanks to CloudLinux and cPanel teams (and to Sergey Babkevych meeee:)) ) that take participation in that cooperative investigation, research and testing.

Good luck!

Veeam Agent for Linux – Beta

Veeam Agent for Linux – Beta

Simple and FREE backup agent for Linux – Veeam Agent for Linux – Beta — anywhere!

Backing up and recovering Linux cloud instances is often cumbersome or expensive, requiring manual intervention or consuming an IT administrator’s valuable time.

Introducing Veeam® Agent for Linux — a simple, FREE backup agent for Linux, designed to ensure the Availability of your Linux server instances, whether they reside in the public cloud or on premises.

With Veeam Agent for Linux, you get the following benefits:
  • Backup anywhere

    Back up Linux instances running in the cloud or on premises

  • Flexible recovery

    Perform on-premises restores from backups of individual cloud instances, or cloud restores of on-premises backups

  • Integration with Veeam Backup & Replication™

    Take full advantage of Veeam backup repositories as target locations; leverage existing Veeam Backup & Replication capabilities for granular recovery — and more!

Our Public Beta will be made available on a first come, first served basis — sign up today!

Before installing the Beta, please review the list of known issues and solutions. If you need help deploying the software, please refer to this blog post.

PHP ImagickException error in CloudLinux: not authorized

PHP ImagickException error in CloudLinux not authorized


Hello there 🙂


Today i have faced a new and very strange problem with PHP ImagickException error in CloudLinux not authorized that we (CloudLinux also big thanks to Igor Ghertesco) manage to fix it.

My system was very simple that uses CloudLinux 7.2 technology including PHP selector and Plesk 12.5 system on Cenots 7.2.


The beginning 🙂

Our client (domain name : http://domain.name/) uses Imagick and have errors in error_log :

[Sun Jul 10 16:25:29.715038 2016] [fcgid:warn] [pid 353566:tid 139677738710784] [client] mod_fcgid: stderr: PHP Fatal error: Uncaught exception 'ImagickException' with message 'not authorized `/tmp/magick-356589qHphZgHgOyAg' @ error/constitute.c/ReadImage/412' in /var/www/vhosts/domain.name/httpdocs/controllers/createPreviewImg.php:78, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:29.715064 2016] [fcgid:warn] [pid 353566:tid 139677738710784] [client] mod_fcgid: stderr: Stack trace:, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:29.715079 2016] [fcgid:warn] [pid 353566:tid 139677738710784] [client] mod_fcgid: stderr: #0 /var/www/vhosts/domain.name/httpdocs/controllers/createPreviewImg.php(78): Imagick->readimageblob('<?xml version="...'), referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:29.715083 2016] [fcgid:warn] [pid 353566:tid 139677738710784] [client] mod_fcgid: stderr: #1 {main}, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:29.715087 2016] [fcgid:warn] [pid 353566:tid 139677738710784] [client] mod_fcgid: stderr: thrown in /var/www/vhosts/domain.name/httpdocs/controllers/createPreviewImg.php on line 78, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:30.706958 2016] [fcgid:warn] [pid 353594:tid 139677730318080] [client] mod_fcgid: stderr: PHP Fatal error: Uncaught exception 'ImagickException' with message 'not authorized `/tmp/magick-3570632DJqOV29q7Fs' @ error/constitute.c/ReadImage/412' in /var/www/vhosts/domain.name/httpdocs/controllers/createPreviewImg.php:78, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:30.706985 2016] [fcgid:warn] [pid 353594:tid 139677730318080] [client] mod_fcgid: stderr: Stack trace:, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:30.706989 2016] [fcgid:warn] [pid 353594:tid 139677730318080] [client] mod_fcgid: stderr: #0 /var/www/vhosts/domain.name/httpdocs/controllers/createPreviewImg.php(78): Imagick->readimageblob('<?xml version="...'), referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:30.706993 2016] [fcgid:warn] [pid 353594:tid 139677730318080] [client] mod_fcgid: stderr: #1 {main}, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:30.706997 2016] [fcgid:warn] [pid 353594:tid 139677730318080] [client] mod_fcgid: stderr: thrown in /var/www/vhosts/domain.name/httpdocs/controllers/createPreviewImg.php on line 78, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7

After reviewing this error and after we sew this line we check tmp on our server and it was ok with permissions and the owner based on your infrastructure.

'ImagickException' with message 'not authorized `/tmp/magick-356589qHphZgHgOyAg'

TMP directory on the server (/tmp):

drwxrwxrwt. 14 root root 36864 Jul 10 16:45 tmp

One of the clues

One of the solutions was  described in this thread: http://stackoverflow.com/questions/37599727/php-imagickexception-not-authorized

But this solution didn’t helped us on CloudLinux system with PHP selector.


Solutions: 1 (described here)

nano /etc/ImageMagick/policy.xml

Comment this line:

<policy domain="coder" rights="none" pattern="MVG" />
service httpd restart


Solutions: 2 (worked on my CloudLinux)

nano /opt/alt/alt-ImageMagick/etc/ImageMagick-6/policy.xml

Comment this line:

<policy domain="coder" rights="none" pattern="MVG" />
service httpd restart



P.S. Do not forget to clear cookies and cache after doing solutions 1 or solutions 2.

P.S.2. Make sure you have up to data patch regarding Imagick from CloudLinux servers .


A critical vulnerability was found in ImageMagick which allows remote code to be executed during the conversion of several file formats. ImageMagick Filtering Vulnerability – CVE-2016-3714 pateched .



Good luck !


Fortinet Threat Map


Fortinet Threat Map

Fortinet Threat Map – Remote execution attacks, memory related attacks, remote location attacks, denial of service attacks (DoS), etc..

The Threat Map utilizes IPS telemetry powered by FortiGaurd Distribution Services (FDS) to give an animated world map visualization of today’s information security threat landscape, and provides a graphical understanding of Fortinet’s ongoing protection against various exploits from all parts of the globe.

The traffic paths for these threats are color-coded by rating and type of attack, whether involving execution, memory, link, denial of service (DoS), or a single point of contact; the map also provides a real-time updates table including the attack name and its location, making it easy to survey ongoing activity at a glance.


You Can Learn More About the Fortinet Product Line By Going to www.FirewallShop.com/Fortinet

The original article/video can be found at Fortinet Threat Map


Good luck !

Useful Plesk SSH Commands


Useful Plesk SSH Commands

Below is a list of commands that can be run from a Linux shell session (i.e. over SSH) which will make administering a Plesk server much easier. Firstly because they can give you a lot of information at once which otherwise you would have to trawl through the web interface for, also more important features such as being able to find the usernames and passwords for different accounts (FTP, email, etc).All the commands below assume that you are logged onto the server that hosts Plesk via a SSH session as root or sat directly at the machine.

To show the Plesk admin account password:
cat /etc/psa/.psa.shadow

To remove lockout from the admin user:
mysql -uadmin -p$(cat /etc/psa/.psa.shadow) -Dpsa -e “delete from lockout where login=’admin'”

To kill the admin session to allow another user to log in:
mysql -uadmin -p$(cat /etc/psa/.psa.shadow) -Dpsa -e “delete from sessions where login=’admin'”

To show all FTP users, their password and their domain:
mysql -uadmin -p$(cat /etc/psa/.psa.shadow) -Dpsa -e “SELECT home AS ‘HOMEDIR’, login AS ‘USERNAME’, password AS ‘PASSWORD’ FROM sys_users S, accounts A WHERE S.account_id = A.id ORDER BY home,account_id;”

To show all mailboxes, the usernames, passwords and associated domain:
mysql -uadmin -p$(cat /etc/psa/.psa.shadow) -Dpsa -e “SELECT name AS ‘DOMAIN’, mail_name AS ‘USERNAME’, password AS ‘PASSWORD’, postbox as ‘MAILBOX?’, redir_addr as REDIRECT FROM mail M, domains D, accounts A WHERE M.account_id = A.id AND M.dom_id = D.id ORDER BY name,mail_name;”

List all email addresses on the server:
mysql –skip-column-names -B -uadmin -p$(cat /etc/psa/.psa.shadow) -Dpsa -e “SELECT CONCAT(mail_name, ‘@’, name) FROM mail M, domains D, accounts A WHERE postbox = ‘true’ AND M.account_id = A.id AND M.dom_id = D.id ORDER BY name,mail_name;”

To show mailboxes with a specific username, paste this and enter the name when prompted:
echo -e “nnEnter mailbox username”; read mbuser; echo ”; mysql -uadmin -p$(cat /etc/psa/.psa.shadow) -Dpsa -e “SELECT name AS ‘DOMAIN’, mail_name AS ‘USERNAME’, password AS ‘PASSWORD’ FROM mail M, domains D, accounts A WHERE postbox = ‘true’ AND M.account_id = A.id AND M.dom_id = D.id AND mail_name = ‘${mbuser}’ ORDER BY name,mail_name;”

To fix and optimise all MySQL databases and tables (i.e. to fix crashed or corrupted tables):
mysqlcheck –auto-repair –optimize -uadmin -p`cat /etc/psa/.psa.shadow` –all-databases

To show all MySQL processes and the process owner:
mysql -uadmin -p$(cat /etc/psa/.psa.shadow) -Dpsa -e “show full processlist”

To show the size of all websites, mailboxes, databases, backups and logs sorted by size:
clear; if [ -d /var/www/vhosts ]; then echo -ne “nn=== WEBSITES ===n”; cd /var/www/vhosts && du -ks –exclude=’chroot’ –exclude=’default’ * | sort -nr | cut -f2 | xargs du -sh; echo “[`ls –ignore=’chroot’ –ignore=’default’ | wc -l` Sites – Total `du -hs . | cut -f1`]”; fi; if [ -d /var/qmail/mailnames ]; then echo -ne “nn=== MAILBOXES ===n”; cd /var/qmail/mailnames && TMB=$(du -ks */* 2>/dev/null | sort -nr | cut -f2); if [ -n “$TMB” ]; then echo “$TMB” | xargs du -sh; fi; echo “[`find . -mindepth 2 -maxdepth 2 -type d | wc -l` Mailboxes – Total `du -hs | cut -f1`]”; fi; if [ -d /var/lib/mysql ]; then echo -ne “nn=== MySQL DATABASES ===n”; mysql -uadmin -p`cat /etc/psa/.psa.shadow` -e “SELECT round(sum( data_length + index_length )/1024/1024,0) ‘SM’, table_schema ‘DN’ FROM information_schema.TABLES GROUP BY table_schema ORDER BY SM DESC G;” | sed ‘/***/d’ | sed ‘s/SM: //’ | sed ‘:a;N;$!ba;s/nDN:/Mt/g’; fi; if [ -d /var/lib/psa/dumps/domains ]; then echo -ne “nn=== PLESK BACKUPS ===n”; cd /var/lib/psa/dumps/domains && du -ks * | sort -nr | cut -f2 | xargs du -sh; echo “[Total `du -hs . | cut -f1`]”; fi; echo -ne “nn=== TEMP FILES ===n”; du -hs /tmp /var/tmp; echo -ne “nn=== LOGS ===n”; du -hs /var/log /usr/local/psa/var/log; echo -ne “nn”;

To show all MySQL users and their allowed access host:
mysql -uadmin -p$(cat /etc/psa/.psa.shadow) -Dpsa -e “select host, user from mysql.user;”

To show all MySQL databases, usernames and passwords on every domain:
mysql -uadmin -p$(cat /etc/psa/.psa.shadow) -Dpsa -e “SELECT d.name AS DOMAIN, db.name AS DB, du.login as USER, a.password as PASS FROM db_users du, data_bases db, domains d, accounts a WHERE du.db_id = db.id AND db.dom_id=d.id and du.account_id=a.id ORDER BY d.name, db.name;”

To show all information for a specific domain. Just replace example.org with the domain name in question:
QDNAME=”example.org”; echo -e “nn”; mysql -uadmin -p$(cat /etc/psa/.psa.shadow) -Dpsa -e “SELECT login AS ‘FTP Username’, password AS ‘Password’ FROM sys_users S, accounts A WHERE S.account_id = A.id AND home LIKE ‘%/$QDNAME’ ORDER BY home,account_id; SELECT mail_name AS ‘Mailbox Username’, password AS ‘Password’, postbox as ‘Mailbox?’, redir_addr as ‘Redirect to’ FROM mail M, domains D, accounts A WHERE M.account_id = A.id AND M.dom_id = D.id AND name = ‘$QDNAME’ ORDER BY name,mail_name; SELECT db.name AS ‘Database Name’, du.login as ‘DB Username’, a.password as ‘Password’ FROM db_users du, data_bases db, domains d, accounts a WHERE du.db_id = db.id AND db.dom_id=d.id and du.account_id=a.id AND d.name = ‘$QDNAME’ ORDER BY d.name, db.name;”; echo -e “nn”;

To delete all emails currently in the QMail queue:
service qmail stop && find /var/qmail/queue/{mess,intd,local,remote,todo,info}/ -type f -exec rm {} ; && service qmail start


Clamav error – Can’t verify database integrity

Clamav error – Can’t verify database integrity

Hi ,

Today i have faced one strange database integrity problem with Clam AV on my Cenots 6.7 system – Clamav error – Can’t verify database integrity.

ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

Open source (GPL) anti-virus engine used in a variety of situations including email scanning, web scanning, and end point security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates

When i try to do simple scan with my Clam i got strange output :

LibClamAV Error: Can't load /var/clamav/daily.cvd: Can't verify database integrity
ERROR: Can't verify database integrity
ERROR: Can't verify database integrity 

I try to do a manual update of Clam AV but it failed with the same error.

This usually means that the download is corrupt, either because the source file is or it didn’t download properly.

The quick fix (workaround) is was by removing one of the main Clam files – main.cvd (but if you want to go to the safe side you may do a rename main.cvd to main.cvd.bak ).


Good luck!

Plesk 12 supports multiple PHP versions out of the box!

Plesk 12 supports multiple PHP versions out of the box!


Plesk 12 since micro update 41 can install PHP 5.2 up to 5.6 via the built-in installer, this makes the scripts I made obsolete :)

Plesk 12 supports multiple PHP versions out of the box – is the best thing that happened till now !

If you are still running 11.5 Parallels (or Odin) also put up official guides telling you how to install php 5.6 which can be modified to install most versions.




For Plesk 12 and Pleks 12.5:

Since Plesk 12.0.18 MU#41, you can install and use multiple PHP 5.x versions built by Plesk team via Plesk panel. For more details see KB article 125146: Multiple PHP Versions in Plesk 12 and higher Out of the Box

PHP packages for Plesk 12:

  • CentOS 6
  • CentOS 7
  • Ubuntu 12

PHP packages for Plesk 12.5:

  • CentOS 6
  • CentOS 7
  • RHEL 6
  • RHEL 7
  • Debian 7
  • Debian 8
  • Ubuntu 12
  • Ubuntu 14


Plesk KB : http://kb.odin.com/en/118378


In Release Notes for Plesk 12.5 for Linux Systems we can see new update and this new update brings good news :

PHP 7 support (as soon as it is released)

Support for Multiple PHP Versions

Plesk 12.5 comes with a long-requested feature – support for multiple versions of PHP out of the box. Plesk 12.5 ships with the following PHP versions:

  • 5.2
  • 5.3
  • 5.4
  • 5.5
  • 5.6
  • 7 (as soon as it is released)

All supported versions of PHP can be installed with the help of the Plesk Installer. Learn more.

Plesk KB : http://download1.parallels.com/Plesk/PP12/plesk-12.5-for-linux.html


Good luck

open_basedir restriction in effect Error in WordPress | Shared Web Hosting Fix

open_basedir restriction in effect Error in WordPress | Shared Web Hosting Fix

Hello friends,

I have discovered a new error on one of my clients that uses CMS wordpress and this error is about open_basedir.

The installation of CMS wordpress is on Windows 2008 R2 server with Plesk 11 .

If you’re unsure of how to reach the PHP Settings section in Plesk, please see this guide.

This guide will assume that you have a domain (example.com) and you need it to access files on a different domain that is also on the same server (example.org).

For reference, the web root of all websites on your server are in this format:


Now that we know the basics of where things are, we can make the changes.

Go into the PHP Settings page for the domain that needs access to the second domain (example.com in this case, use the guide at the top of this article if you’re not sure how to find this area in Plesk).

Then change the open_basedir option to Enter custom value and append your domain’s full path to the entries in the box. You should end up with something that looks like this :


What this means is that the domain you are currently modifying (example.com) can now access its own files (webspaceroot), the server’s temp folder (tmp) and the other domain you have added (/var/www/vhosts/example.org/httpdocs).

You can add as many locations as you need, separated by colons. Once you’ve done that, you should get something that looks like this:


Click Ok at the bottom of the page to save your changes.


You are probably here because you saw an error on WordPress site that looks like one of the following error messages and you are unable to access your site.

• open_basedir restriction in effect. File(/tmp) is not within the allowed path(s).

• Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/home/some/path/here/) is not within the allowed path(s).

• Warning: is_writable() [function.is-writable]: open_basedir restriction in effect.
File(/) is not within the allowed path(s).

The open_basedir Restriction is basically a security restriction that prevents a user on a web server to access files and folders that belong to other user.

For example, if a function (like fopen or mkdir) in a WordPress theme or plugin tries to access a file or folder that is outside its home directory, it will not be able to access it and will show the open_basedir restriction in effect error.

There are multiple ways to fix the open_basedir restriction in effect error. You can disable the restriction completely, you can selectively allow access of some files and folders outside the home directory for some users or you can debug the code of your WordPress theme and plugin so that it doesn’t need to access files and folders outside its root folder.

How To Fix open_basedir restriction Error in WordPress on Shared Web Hosting

If you are on shared hosting, you can’t disable the open_basedir restriction on your web hosting account. You need to send an email to your web host to disable it on your account. So, contact them and wait for them to disable it.

In many cases, your web host will not disable the open_basedir protection. They will send you a reply like this,

The problem is that your script is trying to do some actions in the server ‘root’ folder, “/”. This is incorrect as you are not allowed to access and perform operations on the server root. We will not deactivate open_basedir restriction because it will not resolve your issue. We suggest you to fix your script instead.

They are right. So now, to fix this issue, contact your web host and get the path of the tmp directory or folder on your web hosting account from them. Then edit the wp-config.php file to add this code in it,


Here, replace the ‘../../relative/path/to/tmp’ with the actual path of the tmp directory on your account relative to the WordPress blog that shows the error.

For example, if the WordPress site that shows the error is installed at www.yoursite.com/blog, and the tmp folder is located one level above the blog folder, the code to be added to the wp-config.php file will be,


You need to add a single ../ for each directory higher, relative to the directory where your WordPress site is installed until you reach the tmp directory.

Quick fix: Sometimes, the open_basedir error is because of the incorrect media uploads path in WordPress. To check it, go to http://www.yoursite.com/wp-admin/options.php and check the upload_path value.

The value here should be wp-content/uploads. If it has a preceding slash like, /wp-content/uploads, replace it with wp-content/uploads.

Warning: Please don’t edit anything else at /wp-admin/options.php page unless you know what you are doing. You will break your site if you do.

How To Fix open_basedir restriction Error in WordPress on VPS or a Dedicated Server

If you are on a VPS or dedicated host with cPanel WebHost Manager (WHM), then to disable PHP open_basedir restriction in , go to Tweak Security > Security > Configure > PHP open_basedir Tweak, and disable it. You can also selectively enable or disable it for various user accounts.

If you are on a VPS or dedicated host with Plesk, go to Tools and Settings > Simple View Settings > PHP Settings. Here, enter custom value for the open_basedir option, to put {DOCROOT};WindowsTemp as the value. Click OK and restart Plesk services.

Note that disabling the open_basedir restriction globally in Plesk will not work for domains already created in it. It will work only for the domains created after the change. To disable open_basedir restriction for current domains, each domain must be edited individually. Here’s the procedure:

Go to Domains > (the domain you want to modify) > Websites & Domains > Advanced Operations > Website Scripting and Security > PHP Settings. Here, enter custom value for the open_basedir option (its in common settings), to put {DOCROOT};WindowsTemp as the value. Now, recycle the domain’s application pool which will automatically update the php.ino file created by Plesk.

If you don’t have either Cpanel WHM or Plesk on your VPS or dedicated hosting, you can simply edit the Apache configuration file to disable the PHP open_basedir restriction. To do this, open httpd.conf file, and find the line like this,

php_admin_value open_basedir some_value_here

Replace it with the following line,

php_admin_value open_basedir none

You need to make this change only under the virtual host for the domain user account on which you want to disable the open_basedir protection.

To allow the php scripts in any user account on your web server to access some specific directories outside their home directory, without disabling the open_basedir restriction completely, add code like below to the httpd.conf file.

php_admin_value open_basedir “/home/user_account/:/usr/local/lib/php:/tmp:/new_directory”

Add more directories as needed by simply separating them with a colon (:) on Unix and Linux server and with semicolon (;) on a Windows server.

Restart the Apache server after making any change to the httpd.conf file.

Important Security Note: In the directory list above, the directory name is a regular expression match prefix. So a rule of /dir/incl will also match /dir/includes. To make sure that it matches the specified directory exactly, add a trailing slash, like /dir/incl/.

Update: The directory name specified in open_basedir is no longer a prefix since PHP 5.2.16 and 5.3.4. Its considered a full directory name now.

That’s it. I hope that you can now easily fix the open_basedir restriction Error in WordPress.




Ref. pages:




Review: Hebrew in Parallels Plesk ?

Review: Hebrew in Parallels Plesk ?

Hello my friends ,

Parallels has sent Hebrew demo account to test and review.

Yes , Plesk in Hebrew !!!

odin-plesk-hebrew-1 odin-plesk-hebrew-2.png odin-plesk-hebrew-3.png

The Plesk 12 is designed for the hosting service provider who needs an easy way to configure and maintain Windows or Linux servers. The Service Provider Management interface includes simple controls to create subscription packages for resellers, customers, and individual accounts. New supportability tools for WordPress bundled with the enhanced server-to-site security features of Plesk 12 make this edition ideal for supporting and growing a shared hosting business. All of the features of Plesk 12 are enabled and support unlimited accounts and domains.


Odin provides the software that powers the cloud ecosystem, from small and local hosters to some of the world’s largest telecommunication companies. By partnering with Odin, service providers gain access to industry expertise, a catalog of the most in-demand cloud applications, and the most comprehensive selection of software including web server management, server virtualization, provisioning, and billing automation.


P.S. I think the Hebrew version will be out in end of 2015 – it will be one of the 12.1 versions .

Good luck ,

Disable PHP Execution In WordPress Uploads Directory

Hi friends ,

We see a lot of shells and scripts that gets uploaded to the /wp-content/uploads directory. Generally these are shell scripts and other scripts that allow pretty much total control over your hosting filesystem and database.

A quick way to help protect against this is to put an .htaccess file in the /wp-content/uploads directory that contains the following code:

<Files *.php>
deny from all

This will stop any PHP file from being executed in the uploads directory.

or for perl scripts

<Files *.pl>
deny from all

or for python

<Files *.py>
deny from all

VERY few plugins ever use PHP files in the uploads directory and certainly shouldn’t be executing them there, so this is a very safe method to get one step closer to securing your WordPress installation.


Disable PHP Execution In WordPress Uploads Directory

Good luck ,

Fixing Mod_fcgid: Read Data Timeout

Domain shows 500 internal server error: mod_fcgid: read data timeout

 FcgidIOTimeout or IPCCommTimeout sets the maximum period of time the module will wait while trying to read from or write to a FastCGI application. To allow applications to take a longer time to respond, increase the value of the directive in Apapche configuration file, httpd.conf , or other included config files that contain the above directives, including within the virtual hosts configuration.


A domain is not loading and a “500 internal server error” is being shown after 45-60 seconds.

The following error can be observed in the domain’s /logs/error_log:

[Thu Feb 12 17:07:06 2014] [warn] [client] mod_fcgid: read data timeout in 45 seconds, referer: http://www.example.com/admin/orders.php
[Thu Feb 12 17:07:06 2014] [error] [client] Premature end of script headers: PDF.php, referer: http://www.example.com/admin/orders.php


The FcgidIOTimeout value – the maximum period of time the module will wait while trying to read from or write to a FastCGI application – has been exceeded.


Increase the FcgidIOTimeout value in fcgid.conf and restart Apache.

CentOS: /etc/httpd/conf.d/fcgid.conf

Debian: /etc/apache2/mods-enabled/fcgid.conf

To apply the vhost configuration for all domains, please follow the guide from the documentation:

  1. Copy the default template for the domain vhost into the custom templates directory:
    # cp -p /usr/local/psa/admin/conf/templates/default/domain/domainVirtualHost.php /usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php
  2. Change the custom file accordingly:2.1 Open

    2.2 Find the line:

    FcgidIOTimeout <?php echo $VAR->domain->physicalHosting->scriptTimeout; ?>

    Replace it with value you need:

    FcgidIOTimeout 150

    2.3 Save changes.

  3. Apply the configuration for all domains:
    # /usr/local/psa/admin/bin/httpdmng --reconfigure-all

Other way to solve the problem :

Running a script longer then 45 seconds causes a mod_fcgid: read data timeout in 45 seconds, this may be plesk specific.

Looking up the error its very common, the usual solution recommended is to editing /etc/httpd/conf.d/fcgid.conf

Specifically, change

FcgidIOTimeout 45


FcgidIOTimeout 3600

3600 seconds = 1 hour.

Then restart the server. If you don’t have root access to the server you’ll need to ask your host to do it or another way is to increase the memory limit with php at the top of the file add:

ini_set('memory_limit', '256M');

This solves the problem without needing to edit the fcgid.conf file.



Fixing Mod_fcgid: Read Data Timeout

Ref. http://kb.odin.com/ + https://daveismyname.com

Good luck .

Set Up DNS Services on cPanel – cPanel ready as master DNS server or Add2DNS

Set Up DNS Services on cPanel – cPanel ready as master DNS server or Add2DNS


cPanel is a Linux based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides capabilities for administrators, resellers, and end-user website owners to control the various aspects of website and server administration through a standard web browser.

cPanel is a commercial web-based control panel for server systems. It can help ease the burden of common system administration tasks such as website creation, database deployment and management, and more. This guide will show you how to set up your cPanel server to serve DNS records. These instructions should be done through your root WHM interface.

In addition to the GUI, cPanel also has command line and API-based access that allows third party software vendors, web hosting organizations, and developers to automate standard system administration processes.

Nameserver Selection

In your root WHM, under the Service Configuration section, click on “Nameserver Selection”. You will be presented with this screen:

cPanel Nameserver selection screen.

You can choose from BIND, MyDNS or NSD; the advantages and disadvantages for each are displayed. If you are unfamiliar with either of them, BIND will be the easiest to work with.

Nameserver Records

To use your own nameservers (e.g. ns1.mydomain.com, ns2.mydomain.com), you’ll need to create those entries at your registrar first. The process for adding those can vary based on which registrar you are using, so if you are unsure as to how to go about getting these entries set up, you should contact your registrar’s support and ask them how to do so. You’ll also need to add A records for your nameservers on your Linode within WHM. To do that, you’ll want to log into your WHM as root then navigate to the DNS Functions section and click on Edit DNS Zone, which will present you with this page:

cPanel Edit DNS screen.

Simply click the domain you used when you set up your nameservers at your registrar and click the Edit button to get to the DNS Editor screen. On the DNS Editor screen, you will want to add A records for your nameservers. To do this, you will fill in the spaces at the bottom of the screen like so:

cPanel add NS entries.

Just make sure you use your own Linode’s IP address. You can add more than two nameservers if you like.

Using Linode’s DNS Manager as a Slave

When using your BIND install on cPanel as your master nameserver and the Linode DNS Servers as a slave, you will want to set all of the nameservers at your registrar. You should have a list like this:

  • ns1.mydomain.com
  • ns2.mydomain.com
  • ns1.linode.com
  • ns2.linode.com
  • ns3.linode.com
  • ns4.linode.com
  • ns5.linode.com

The DNS changes can take up to 48 hours to propagate.

To get your cPanel Linode ready as your master DNS server, you’ll need to make a few additions/edits to your/etc/named.conf file.

The transfer of DNS records from your Master DNS server to the Linode DNS servers is done through AXFR queries. By default these are not allowed.

First open the /etc/named.conf file in your text editor and search for the following line:

recursion no;

You will need to change it to:

recursion yes;

After you make that edit, add these two sections under your recursion line:

allow-recursion {;;;;;;;;

 allow-transfer {;;;;;;;;


After your updates are complete, save and close thenamed.conf file.

Check that the configuration file is usable by issuing the command :

named-checkconf /etc/named.conf

If everything was done correctly, you should see no output. No output means everything is OK. If you get any errors, open the file and fix the reported issue. The errors are self explanatory and point to the exact issue.

Once the check is OK, the BIND service will need to be restarted in order for the changes to be picked up.

On the Left side in WHM under “Restart Services” Click DNS Server (BIND/NSD/My).

Click Yes to restart the service. Allow a few minutes for the service to restart.

You’ll then want to begin adding your domains to the Linode DNS Manager as slave zones.

  1. Log in to the Linode Manager and click on the DNS Manager tab.
  2. At the bottom, click on the “Add a domain zone” link.
  3. On the bottom right corner of the next page, click the link titled “I wanted a slave zone.”
  4. On the slave zone page, you’ll want to enter your domain name in the “Domain” box and your cPanel server’s main IP address in the “Masters” box.Linode slave zone screen.
  5. Click the “Add a Slave Zone” button.

    Once you save your slave zone, you’ll see a new text field titled “Domain Transfers”. You can leave this empty.

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

Suggest you also check allow-transfer, allow-notify, also-notify settings in named.conf of your cPanel box.

Ref.  linode.com

Good luck ,


Security value of robots.txt or time bomb security flaw

Security value of robots.txt or time bomb security flaw ?

You might be surprised to hear that one small text file (robots.txt) , could be the downfall of your website – Security value of robots.txt or time bomb security flaw.

The robots.txt is a very simple text file that is placed on your root directory. An example would be www.yourdomain.com/robots.txt. This file tells search engine and other robots which areas of your site they are allowed to visit and index.

You can ONLY have one robots.txt on your site and ONLY in the root directory (where your home page is):


Web site with robots.txt free or website that care about privacy ?

Occasionally, a website has a robots.txt file which includes the following command:

User-agent: *
Disallow: /

The “User-agent: *” means this section applies to all robots. The “Disallow: /” tells the robot that it should not visit any pages on the site.

This is telling all bots to ignore THE ENTIRE domain, meaning none of that website’s pages or files would be listed at all by the search engines!!!

The aforementioned example highlights the importance of properly implementing a robots.txt file, so be sure to check yours to ensure you’re not unknowingly restricting your chances of being indexed by search engines.

If you have a very important website and you don’t want crawlers / search engines to access and scan entire site – this is a good way to start deal with it 🙂

With this example, all search engines are told that they cannot index anything in your Website. It is very important to understand what “all search engines” really means—all search engines who respect robots.txt. This does include all major search engines, but there’s nothing preventing a rogue search engine from simply ignoring these rules.

What you need in robots.txt ?

here’s often disagreements about what should and shouldn’t be put in robots.txt files.  Please note again that robots.txt isn’t meant to deal with security issues for your website, therefore I’d recommend that the location of any admin or private pages on your site aren’t included in the robots.txt file.  If you want to securely prevent robots from accessing any private content on your website then you need to password protect the area where they are stored.  Remember, robots.txt is designed to act as a guide for web robots, and not all of them will abide by your instructions.

Let’s look at different examples of how you may want to use the robots.txt file:

Allow everything and submit the sitemap – This is the best option for most websites, it allows all search engine to fully crawl the website and index all the data, it even shows the search engines where the XML sitemap is located so they can find new pages very quickly:

User-agent: *

Allow: /
#Sitemap Reference

Allow everything apart from one sub-directory – Sometimes you may have an area on your website where you don’t want search engines to show in the search engine results.  This could be a checkout area, image files, an irrelevant part of a forum or an adult section of a website for example all shown below.  Any URL including the path disallowed will be excluded by the search engines:

User-agent: *
Allow: /

# Disallowed Sub-Directories
Disallow: /checkout/
Disallow: /website-images/
Disallow: /forum/off-topic/
Disallow: /adult-chat/

Allow everything apart from certain files Sometimes you may want to show media on your website or provide documents but don’t want them to appear within image search results, social network previews or document search engine listings.  Files you may wish to block could be any animated GIFs, PDF instruction manuals or any development PHP files for example shown below:

User-agent: *
Allow: /

# Disallowed File Types
Disallow: /*.gif$
Disallow: /*.pdf$
Disallow: /*.PDF$
Disallow: /*.php$

Allow everything apart from certain webpages  Some webpages on your website may not be suitable to show in search engine results and you can block individual pages as well using the robots.txt file.  Webpages that you may wish to block could be your terms and conditions page, a page which you want to remove quickly for legal reasons or a page with sensitive information on which you don’t want to be searchable (remember that people can still read your robot.txt file and the pages will still be seen by some scrupulous crawler bots):

User-agent: *
Allow: /

# Disallowed Web Pages
Disallow: /terms.html
Disallow: /blog/how-to-blow-up-the-moon
Disallow: /secret-list-of-contacts.php

Allow everything apart from certain patterns of URLs – Lastly you may have an awkward pattern of URLs which you may wish to disallow, one’s which may be nicely grouped into a certain sub-directory.  Examples of URL patterns you may wish to block might be internal search result pages, left over test pages from development or 2nd, 3rd, 4th etc. pages of an ecommerce category page:

User-agent: *
Allow: /

# Disallowed URL Patterns
Disallow: /*search=
Disallow: /*_test.php$
Disallow: /*?page=*

 How to test robots.txt ?

You can test robots.txt in one very easy way 🙂 just enter to the file from you local/remote browser  .In example you may see my robots.txt file.

I recommend you to test your robots.txt to ensure that search crawlers will access to it from any location (or specific). In addition , you may “ask” Google to check robots.txt file and YES! Google can check it 🙂

By taking a good look at your website’s robots.txt file and making sure that the syntax is set up correctly, you’ll avoid search engine ranking problems. By disallowing the search engines to index duplicate content on your website, you can potentially overcome duplicate content issues that might hurt your search engine rankings.

The robots.txt tester, located under the Crawl section of Google Webmaster Tools, will now let you test whether there’s an issue in your file that’s blocking Google. (This section of GWT used to be known as Blocked URLs.)

Screenshot from 2014-07-04 16-11-22

Here you’ll see the current robots.txt file, and can test new URLs to see whether they’re disallowed for crawling. To guide your way through complicated directives, it will highlight the specific one that led to the final decision. You can make changes in the file and test those too, you’ll just need to upload the new version of the file to your server afterwards to make the changes take effect. Our developers site has more about robots.txt directives and how the files are processed.

Additionally, you’ll be able to review older versions of your robots.txt file, and see when access issues block us from crawling. For example, if Googlebot sees a 500 server error for the robots.txt file, we’ll generally pause further crawling of the website.

Since there may be some errors or warnings shown for your existing sites, we recommend double-checking their robots.txt files. You can also combine it with other parts of Webmaster Tools: for example, you might use the updated Fetch as Google tool to render important pages on your website. If any blocked URLs are reported, you can use this robots.txt tester to find the directive that’s blocking them, and, of course, then improve that. A common problem we’ve seen comes from old robots.txt files that block CSS, JavaScript, or mobile content — fixing that is often trivial once you’ve seen it.



I must say my opinion about robots.txt is really rare but i think its a security flaw for websites and big systems that running in the WEB .

Many attackers and many hackers may use robots.txt info as helping to get a success penetration to the system .

I can give a little example for that problem (http://www.alexa.com/topsites) :

# Example 1

website : http://baskino.com/

robots file : http://baskino.com/robots.txt


cool info that not present at all : http://baskino.com/statistics.html



# Example 2

website: http://news.sky.com/

robots file : http://news.sky.com/robots.txt


cool info that not present at all : http://news.sky.com/status/status.json


# Example 3

website:  http://kukuruku.co/

robots file : http://kukuruku.co/robots.txt


cool info that not present at all : http://kukuruku.co/include/ kukuriko

# Example 4

website : https://www.yahoo.com/

robots file : https://www.yahoo.com/robots.txt


cool info that not present at all : https://www.yahoo.com/_remote


cool info that not present at all : https://www.yahoo.com/_tdpp_api


# Example 5

website: http://www.arcas.co.uk/

robots file : http://www.arcas.co.uk/robots.txt


cool info that not present at all : http://www.arcas.co.uk/administrator/


As you can see , 60 sec and i can know what website is hiding and that information may help me to penetrate successfully to the site.

Stay safe ! (Security value of robots.txt or time bomb security flaw)

Good luck

oDesk is now Upwork


oDesk is now Upwork .

Today we relaunched oDesk as Upwork. Upwork is a new name, and also a new platform for connecting you with great jobs, faster and more easily than ever before.

Starting today you’ll begin to see many new features roll out, including:

  • New messaging tools for faster collaboration
  • A new mobile app for iPhone and Android
  • A new Hiring Hub with helpful ideas, articles and guides

You’ll see familiar oDesk functionality and your existing profile, but with a lighter and more mobile-friendly design. We’ll keep you updated as new features are released—beginning with this post introducing Upwork.

As the company’s new CEO and former head of product development, it’s an honor to welcome you to Upwork!

  • Short Description
    Upwork (formerly oDesk) is the world’s largest freelance talent marketplace. Our vision is to connect businesses with great talent faster than ever.
  • Long Description
    As an increasingly connected and independent workforce goes online, knowledge work —like software before it— is shifting online as well. This shift is making it faster and easier for clients to connect and work with talent in near real-time and is freeing professionals everywhere from having to work at a set time and place. Freelancers are earning more than $1 billion annually via Upwork. From seasoned executives to college students, from lawyers to transcriptionists, from Bostonians to Bolivians, we offer a world of work opportunities for all skills. Businesses of every size use Upwork, from one-person startups to major corporations, to hire any kind of work that can be done on a computer — we offer more than 2700 skills in categories including:● Web Developers
    ● Mobile Developers
    ● Designers & Creatives
    ● Writers
    ● Virtual Assistants
    ● Customer Service Agents
    ● Sales & Marketing Experts
    ● Accountants & Consultants






New Skin for Plesk 12

We’ve always strived to keep Plesk visually modern and pleasant for users, so we have created a new additional skin for Plesk 12. We would love to hear your opinion on this skin, as we’re evaluating it as a possible replacement for current default Plesk skin.

Try this new look&feel and let us know what you think.

New Plesk skin

The primary goal of the new skin was to make Plesk look more modern. We wanted the skin to be neat and clean, without unnecessary graphical elements that can distract users from perceiving important information. This path has eventually led us to “flat” design focused on minimalistic usage of UI elements and typography without complex visual decorations like shadows, glows, textures, and gradients. We wanted Plesk to have a “simple”, but at the same time “cool and modern” look.

Below are some screenshots that illustrate the new skin.

Service Provider View – Home page

Service Provider View – Tools & Settings

Power User View – Websites & Domains

Power User View – Add New Email Address

Power User View – Files

Power User View – Adaptation For Mobile Devices

What is next

  • Updating icons to suit the new style.
  • Implementing responsive UI for Service Provider View (getting rid of frames), so it will work nicely on mobile devices
  • And much more…

Tell us what we’ve missed and what do you think about this skin.

Thank you!

Good luck


New Skin for Plesk 12

Ref. devblog.plesk.com