cd /vz/root/
rm -rf */var/www/vhosts/*/statistics/logs/*.processed
rm -rf /vz/root/*/var/lib/psa/dumps/*
rm -rf */var/www/vhosts/*/statistics/logs/*processed*
rm -rf */var/www/vhosts/*/statistics/logs/*.processed.*
rm -rf */var/www/vhosts/*/statistics/logs/error_log.*.gz
After enabling a jail, fail2ban service can be neither restarted nor stopped. The service status is shown wrong, without the jails list:
# service fail2ban status
fail2ban-server (pid 3291) is running
/var/log/fail2ban.log shows that it stopped when adding log files to its monitoring pool:
2014-07-27 21:09:25,487 fail2ban.filter [25047]: INFO Added logfile = /var/www/vhosts/system/dom1.com/logs/proxy_access_log
2014-07-27 21:09:25,985 fail2ban.filter [25047]: INFO Added logfile = /var/www/vhosts/system/domain.com/logs/proxy_access_ssl_log
Fail2ban has plesk-apache-badbot and plesk-apache (or other big) jails enabled. That jail forces fail2ban to parse all the access and error logs for each virtual host and Apache’s access log. In case if there are a lot of virtual host access logs, the service hangs by resource over usage trying to parse all of them.
NOTE: When you enable this jail in panel you might see the warning:
Warning: Fail2Ban might not work well if there are many domains and Fail2Ban has to monitor too many log files.
|):
# ps aux | grep fail2ban|awk '{print $2}'|xargs kill -9
.pid file:
# rm -f /var/run/fail2ban/fail2ban.pid
plesk-apache-badbot (or disable the jail altohether). Open file/etc/fail2ban/jail.d/plesk.conf and change the mask of the path to logs from '*access*log' to '*access_log':
[plesk-apache-badbot]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https,7080,7081"]
logpath = /var/www/vhosts/system/*/logs/*access_log
/var/log/httpd/*access_log
fail2ban-client reload. Otherwise start the service.Fail2Ban can use a lot of RAM on the server, in case if it monitors a lot of jails with many log files! Make sure that the server will not experience the out-of-memory condition before applying this solution! If it does – disable some jails.
In case if you have a very big amount of domains on your Plesk server, and the above workaround doesn’t help, you may divide the logs by different jails, so that they are loaded one by one and therefore minimize the amount of logs in one jail. This should help, since issue is caused by a single big jail with a lot of logs, but it won’t be happening when there are a lot of jails with small amount of logs included.
Please use the following commands to create separate jails for domains according to the first name letter\digit:
admin_email=`mysql -Ns -uadmin -p\`cat /etc/psa/.psa.shadow\` psa -Ne"select email from clients where login='admin'"`
for i in a b c d e f g h i j k l m n o p q r s t u v w x y z 1 2 3 4 5 6 7 8 9 0;do find /var/www/vhosts/system/$i*/logs/error_log 2>/dev/null 1>/dev/null; found=`echo $?`;if [ $found == "0" ];then echo "[[\"usedns\",\"no\"],[\"logpath\",\"\\/var\\/www\\/vhosts\\/system\\/$i*\\/logs\\/error_log\"],[\"enabled\",\"true\"],[\"filter\",\"apache-auth\"],[\"maxretry\",\"6\"],[\"__source__\",\"jail.d\\/plesk.conf\"],[\"action\",\"iptables-multiport[name=apache, port=\\\"http,https,7080,7081\\\"]\"],[\"ignoreip\",\"127.0.0.1\/8\"],[\"bantime\",\"600\"],[\"destemail\",\"$admin_email\"],[\"findtime\",\"600\"],[\"backend\",\"auto\"]]"|/usr/local/psa/admin/bin/f2bmng --set-jail plesk-apache-$i ;fi;done
for i in a b c d e f g h i j k l m n o p q r s t u v w x y z 1 2 3 4 5 6 7 8 9 0;do find /var/www/vhosts/system/$i*/logs/error_log 2>/dev/null 1>/dev/null; found=`echo $?`;if [ $found == "0" ];then echo "[[\"usedns\",\"no\"],[\"logpath\",\"\\/var\\/www\\/vhosts\\/system\\/$i*\\/logs\\/*access_log\"],[\"enabled\",\"true\"],[\"filter\",\"apache-badbots\"],[\"maxretry\",\"100\"],[\"__source__\",\"jail.d\\/plesk.conf\"],[\"action\",\"iptables-multiport[name=BadBots, port=\\\"http,https,7080,7081\\\"]\"],[\"ignoreip\",\"127.0.0.1\/8\"],[\"bantime\",\"172800\"],[\"destemail\",\"$admin_email\"],[\"findtime\",\"600\"],[\"backend\",\"auto\"]]" |/usr/local/psa/admin/bin/f2bmng --set-jail plesk-apache-badbot-$i;fi;done
plesk-apache-badbot:
/var/log/httpd/*error_log
plesk-apache:
/var/log/httpd/*access_log
wget http://kb.sp.parallels.com/Attachments/kcs-32570/add_jails.sh
chmod +x add_jails.sh
Domain created lowest (0) root /root/add_jails.sh <new_domain_name>
Default domain (the first domain added to a subscription or webspace) created lowest (0) root /root/add_jails.sh <new_domain_name>
Step by step instructions for moving a WordPress site between servers using ‘duplicator’ plugin.
Source server
1. Install duplicator
Login to WP admin area. Click Plugins. Search for ‘Duplicator’ plugin and install.
2. Activate the plugin through the ‘Plugins’ menu in WordPress
3. Click on the Duplicator link from the main menu
4. Create your first package.
You will go through a verification check of the setup. Fix any issues that duplicator finds.
5. FTP installer.php and packageName_archive.zip to destination server (download to PC, upload to new server).
Destination server
1. Move installer.php and package.zip file into document root directory.
2. Install WP through Plesk. This step is only necessary if you want Plesk to recognize the WP installation.
3. Look in the wp-config.php file and make a note of mysql db, user, password and then rename file to be wp-config.php.back.
4. Run the installer.php script. Adjust domain name and mysql settings.
5. Verify successful migration.
6. Remove migration files: installer.php, installer-data.sql, installer-log.txt, packageName_archive.zip, wp-config.php.back
http://kb.parallels.com/en/113790
Summary
Parallels server virtualization products use Parallels Virtual Automation (PVA) for standard backup and restore operations.
Parallels Virtual Automation Agent (PVA Agent) provides backup and restore tools and an API for the particular Hardware Node it is installed on.
Parallels Virtual Automation Management Node (PVA MN) provides a centralized backup and restore API for all nodes registered in the PVA group.
This article describes the backgrounds of the backup and restore processes, the server roles in the backup and restore processes, and common terms used in PVA.
Server roles
Generally, there are three roles in a backup or restore process:
Virtualization node – The Hardware Node with the virtual environments to be backed up. It must have Parallels Virtual Automation Agent installed.
Backup storage node – The Hardware Node used for storing backup data. It must have Parallels Virtual Automation Agent installed.
Control node – The server initiating the backup process. It must have either Parallels Virtual Automation Agent or Parallels Virtual Automation Management Node installed.
A single server can handle all three roles in the case of a local backup.
Backup scenarios
Scenario Roles Example
Local backup of mypvcserver
Virtualization node: mypvcserver
vzabackup -F mypvcserver -e CTID
Locally initiated backup to the remote storage
Virtualization node: myvpcserver
Backup storage node: remotestorage
Control node: myvpcserver
vzabackup –storage root@remotestorage localhost -e CTID
Backup initiated from the storage server
Virtualization node: myvpcserver
Backup storage node: remotestorage
Control node: myvpcserver
vzabackup -F mypvcserver
Backup of the server to remote storage initiated by the third server
Virtualization node: myvpcserver
Backup storage node: remotestorage
Control node: myvpcserver
vzabackup –storage root@remotestorage -F mypvcserver -e CTID
Backup tools and interfaces
Graphical
PVA Control Center – The web interface of PVA MN, allowing you to manage backups for all Hardware Nodes in the PVA group.
Power Panel – The web interface for managing a particular container. A backup initiated from the Power Panel is performed according to the local settings of the Hardware Node the container is hosted on.
Parallels Management Console (obsolete) – A graphical tool shipped with older versions of Parallels Virtuozzo Containers. This allows you to perform backup and restore operations across registered nodes.
Command-line
vzabackup\vzarestore – CLI interface to PVA Agent Backup API methods.
vzbackup\vzrestore (obsolete) – CLI interface to TAR-based backup. This does not require PVA Agent to be running.
NOTE: On Parallels Virtuozzo Containers for Windows, this is in the form of another wrapper on the vzabackup\vzarestore tool.
API
Backup interfaces of PVA Management Node XML API.
Backup interfaces of PVA Agent via SOAP and XML API.
Backup backend
Parallels provides two backends for backup files:
One that is compatible with Acronis Backup and Restore (default)
One that is compatible with TAR.
The backup engine backend can be switched in the PVA Agent configuration file:
Edit the PVA Agent configuration file:
/vz/pva/agent/etc/vzagent.conf
or
/var/opt/pva/agent/etc/vzagent.conf
Change the backend value to 0 for Acronis-compatible, or 1 for TAR-based:
vzlin_backup_serializer (for pre-PVA 4.6.4 nodes):
vzlin_backup_serializer11 (for PVA 4.6.4 and later versions):
Restart PVA Agent:
~# pvaagent restart
Additional information
How to increase PVA Agent timeouts for backup operations
Acronis Error: Module=0 Code=0, Tag=0 troubleshooting
Parallels Virtual Automation builds, releases, and supported virtualization products
If you are having problems with possible attack on your server, check the log files for the most common hits. Many times you will find one page being accessed beyond what would be normal.
va1-fv00150# cat /usr/local/apache/logs/*/*access_log | awk ‘{print $7}’ | sort | uniq -c | sort -rn | head
35806 /administrator/index.php
89 /
37 /robots.txt
30 /favicon.ico
20 /administrator/index.php?option=com_login
16 /imgs/flash.swf
15 /imgs/home.html
14 /wp-login.php
14 /js/AC_RunActiveContent.js
14 /imgs/styles.css
Use this information to find what log file is getting the hits:
va1-fv00150# grep -R “/administrator/index.php” /usr/local/apache/logs/*/*access_log | cut -d: -f1 | sort | uniq -c | sort -rn | head
38313 /usr/local/apache/logs/ibreporttv/ibreporttv.com-access_log
5 /usr/local/apache/logs/goinsidebusiness/goinsidebusiness.com-access_log
Login to the server and (as root or the account owner) run ‘mutt -f /path/to/his/mailbox’. From there you can type a capital ‘T’ (for “Tag messages matching the pattern I’m about to enter”), you will then be prompted to enter a pattern to match. Type ‘.’ (to match all strings) and enter. All messages should have an asterisk (“”) next to them.
Now type a semicolon (“;”–the semicolon tells mutt that the action you’re about to take applies to all tagged messages) and a lowercase ‘b’ (for “bounce”. Together ‘;b’ means “bounce all these messages I’ve just tagged”).
You’ll be prompted for an address to bounce the messages to. Type it in and wait a little bit for all the messages to bounce (you may be prompted by mutt to confirm you want to bounce the messages). When mutt tells you that it’s done, you can type semicolon again and then a lowercase ‘d’ (for “delete”). Type a ‘q’ to quit mutt.
show users that are sending email:
mail /var/log# grep authid= /var/log/maillog | awk -F “]” ‘{print$3}’ | awk -F , ‘{print$2}’ | tr -d ” ” | sort | uniq -c | sort -rn
show what IP addresses are sending email:
mail /var/log# grep authid= /var/log/maillog | awk -F “]” ‘{print$2}’ | awk -F “[” ‘{print$2}’ | tr -d ” ” | sort | uniq -c | sort -rn
After setting up a new website, only the default centos page is displayed.
Setup virtual host in the conf.d directory.
On a busy server, the default number of connections allowed for IMAP users might be too low. If you have IMAP customers complaining about connections being refused, you might need to increase the number of simultaneous connections.
Edit the following file:
/etc/courier-imap/imapd
Restart imapd:
/etc/init.d/courier-imapd restart
If you have a server that is not responding, there might be an attack on one of the domains. You can get a good idea if a normally low volume website is suddenly getting lots of traffic by running a few checks on the log files.
Count the number of posts to each unique file:
# grep POST /usr/local/apache2/logs/USER/DOMAIN-accesslog | awk ‘{print $7}’ | sort | uniq -c | sort -n
Count the number of times each IP posted to the domain:
# grep POST /usr/local/apache2/logs/USER/DOMAIN-accesslog | awk ‘{print $1}’ | sort | uniq -c | sort -n
Count the number of unique IP addresses that posted to the domain:
# grep POST /usr/local/apache2/logs/USER/DOMAIN-access_log | awk ‘{print $1}’ | sort | uniq | wc -l