Webmaster Tools, Tips and Tricks

 





 










Quick Fix - an easy way to fix quota issues in CPanel

cPanel/WHM sometimes has problems with the user quota files, causing all user accounts to show unlimited disk space available or 0 megs of disk space in use. This confuses your customers and doesn't give a real representation of the disk space your clients are actually using. This guide will take you through fixing quota issues in cPanel, manually or automatically.

Common reasons for quota problems
- There are files owned by the same user elsewhere on the server
- The backup directory is being counted towards the user's disk quota
- Extra log files are being counted towards the user's quota
- Cpanel was just updated and the quotas are now unlimited

Quick Fix - an easy way to fix quota issues

Step 1. Log into your server through SSH as the root user.

Step 2. Run the following command
/scripts/fixquotas


HOW-TO : Setting up Nameservers in cpanel.

Special Notes:
Some versions of WHM/CPanel come with a broken NDC. To fix this:

SSH into your box as root.

(a) Type: cd /scripts
(b) Type: ./updatenow
(c) Type: ./fixndc
(d) Type: service named stop
(e) Type: service named start

********************************************

1. Setup Nameservers In WHM
Go into WHM (Web Host Manager) and select Edit Setup from the Server Setup menu on the left. Enter ns1.newdomain.com in the Primary Nameserver field. Hit 'Assign IP Address' (write the IP down or remember it for the next step). Then hit 'Add an A Entry for this nameserver'.

Repeat this process for the Secondary Nameserver field.


2. Register Nameservers
Go to your domain registrar and register ns1.yourdomain.com (111.111.111.111) and ns2.yourdomain.com (222.222.222.222) as nameservers. 111.111.111.111 being the primary nameserver IP from step 1 and 222.222.222.222 being the secondary.

These registrations may take a few days to propagate (often as many as 3 days).


3. Reverse DNS
You may need Burstnet to enter a reverse DNS pointer (PTR record) for your nameservers. You'll need to let them know each nameserver and its IP address. Sometimes you can suffer non-delivery of mail if you don't do this. Reverse DNS pointers can take a while to propagate. Send an email to support@burst.net with the following...

To: support@burst.net
From:
Subject: PTR Request

Please create the following PTR records.
123.123.123.123 - server.mydomain.com (Main Server IP)
111.111.111.111 - ns1.mydomain.com (This of course being your info)
222.222.222.222 - ns2.mydomain.com


4. Tidy Up Junk Nameservers
Go into WHM (Web Host Manager) and select Manage Nameserver IPs from the Server Setup menu on the left. Remove any nameservers you don't recognise. This is just a tidy up exercise in case anyone's set anything up on the box before you.


5. Initial Nameserver Setup
Go into WHM (Web Host Manager) and select Initial NameServer Setup from the Server Setup menu on the left.


6. Restart BIND
Restart BIND from SSH with (step 5 restarts BIND, but sometimes needs a proper stop and start for it to work):

service named stop
service named start


7. Manual Checks
This process doesn't always work, so there are some things you can check manually via SSH.

pico /etc/wwwacct.conf
Check that the nameservers are correctly specified on NS1, NS2 etc.

pico /etc/resolv.conf
Check that there are nameserver entries for each IP. There may also be one for 127.0.0.1 - this is okay.

Should read as follows:

domain maindomain.com
search maindomain.com
nameserver 127.0.0.1
nameserver 111.111.111.111
nameserver 222.222.222.222

Where 'maindomain.com' is the main domain of my server, and '111.111.111.111' and '222.222.222.222' are the IP addresses of my primary and secondary nameservers.


pico /etc/nameserverips
Check that there are entries for each IP acting as a nameserver.


A Beginner's Guide to Securing Your Server

A Beginner's Guide to Securing Your Server (Security Inside WHM/CPanel)

These are items inside of WHM/Cpanel that should be changed to secure your server.

Goto Server Setup =>> Tweak Settings

Check the following items...

Under Domains

Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)

Under Mail

Attempt to prevent pop3 connection floods

Default catch-all/default address behavior for new accounts - fail

Under System

Use jailshell as the default shell for all new accounts and modified accounts

Goto Server Setup =>> Tweak Security

Enable php open_basedir Protection

Enable mod_userdir Protection

Disable Compilers for unprivileged users.

Goto Server Setup =>> Manage Wheel Group Users

Remove all users except for root and your main account from the wheel group.

Goto Server Setup =>> Shell Fork Bomb Protection

Enable Shell Fork Bomb/Memory Protection

When setting up Feature Limits for resellers in Resellers =>> Reseller Center, under Privileges always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access; under Root Access disable All Features.

Goto Service Configuration =>> FTP Configuration

Disable Anonymous FTP

Goto Account Functions =>> Manage Shell Access

Disable Shell Access for all users (except yourself)

Goto Mysql =>> MySQL Root Password

Change root password for MySQL

Goto Security and run Quick Security Scan and Scan for Trojan Horses often. The following and similar items are not Trojans:

/sbin/depmod
/sbin/insmod
/sbin/insmod.static
/sbin/modinfo
/sbin/modprobe
/sbin/rmmod

A Beginner's Guide to Securing Your Server (with SSH access)

These are measures that can be taken to secure your server, with SSH access.

Update OS, Apache and CPanel to the latest stable versions.

This can be done from WHM/CPanel.

Restrict SSH Access


To restrict and secure SSH access, bind sshd to a single IP that is different than the main IP to the server, and on a different port than port 22.


SSH into server and login as root.

Note: You can download Putty by Clicking Here. It's a clean running application that will not require installation on Windows-boxes.


At command prompt type: pico /etc/ssh/sshd_config

Scroll down to the section of the file that looks like this:

Code:


#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::



Uncomment and change

#Port 22

to look like

Port 5678 (choose your own 4 to 5 digit port number; 49151 is the highest port number)


Uncomment and change

#Protocol 2, 1

to look like

Protocol 2


Uncomment and change

#ListenAddress 0.0.0.0

to look like

ListenAddress 123.123.123.15 (use one of your own IP Addresses that has been assigned to your server)


Note 1: If you would like to disable direct Root Login, scroll down until you find

#PermitRootLogin yes

and uncomment it and make it look like

PermitRootLogin no

Save by pressing Ctrl o on your keyboard, and then exit by pressing Ctrl x on your keyboard.


Note 2: You can also create a custom nameserver specifically for your new SSH IP address. Just create one called something like ssh.xyz.com or whatever. Be sure to add an A address to your zone file for the new nameserver.


Now restart SSH

At command prompt type: /etc/rc.d/init.d/sshd restart


Exit out of SSH, and then re-login to SSH using the new IP or nameserver, and the new port.


Note: If you should have any problems, just Telnet into your server, fix the problem, then SSH in again. Telnet is a very unsecure protocol, so change your root password after you use it.
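
A check to run on the edited file before the restart step, added here as an example and not part of the original guide: it reports which of the settings discussed above are still at their defaults. The two sample files are constructed, and the Protocol check assumes an OpenSSH version old enough to honour that keyword, as the guide does.

```sh
#!/bin/sh
# Added example: audit an sshd_config for the settings changed in this section.

# Print every active (uncommented) value of KEYWORD in FILE, one per line.
# sshd keywords are case-insensitive.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Print space-separated finding codes for FILE; an empty line means clean.
audit_sshd() {
    f=$1
    out=""
    ports=$(sshd_values "$f" Port)
    # No active Port line means sshd falls back to port 22.
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        out="$out port-22"
    fi
    # Assumption: an OpenSSH that still honours Protocol (as in the guide).
    proto=$(sshd_values "$f" Protocol | head -n 1)
    if [ "$proto" != 2 ]; then
        out="$out protocol-1-allowed"
    fi
    # No ListenAddress, or a wildcard one, binds sshd to every IP on the box.
    listen=$(sshd_values "$f" ListenAddress)
    if [ -z "$listen" ] ||
       printf '%s\n' "$listen" | grep -Eq '^(0\.0\.0\.0|::)(:[0-9]+)?$'; then
        out="$out listens-on-all"
    fi
    root=$(sshd_values "$f" PermitRootLogin | head -n 1)
    if [ "$root" != no ]; then
        out="$out root-login"
    fi
    printf '%s\n' "${out# }"
}

# Constructed samples: the stock lines shown above, and the edited result.
SSHD_DEMO=$(mktemp -d)
cat > "$SSHD_DEMO/stock" <<'EOF'
#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::
#PermitRootLogin yes
EOF
cat > "$SSHD_DEMO/hardened" <<'EOF'
Port 5678
Protocol 2
ListenAddress 123.123.123.15
PermitRootLogin no
EOF

echo "stock:    $(audit_sshd "$SSHD_DEMO/stock")"
echo "hardened: $(audit_sshd "$SSHD_DEMO/hardened")"
```

On a live server, point it at the real file: `audit_sshd /etc/ssh/sshd_config`.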


Disable Telnet

To disable telnet, SSH into server and login as root.

At command prompt type: pico -w /etc/xinetd.d/telnet

change disable = no to disable = yes

Save and Exit

At command prompt type: /etc/init.d/xinetd restart


Server e-mail every time someone logs in as root

To have the server e-mail you every time someone logs in as root, SSH into server and login as root.

At command prompt type: pico .bash_profile

Scroll down to the end of the file and add the following line:

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com

Save and exit.


Set an SSH Legal Message

To set an SSH legal message, SSH into server and login as root.

At command prompt type: pico /etc/motd

Enter your message, save and exit.

Note: I use the following message...

Code:


ALERT! You are entering a secured area! Your IP and login information
have been recorded. System administration has been notified.

This system is restricted to authorized access only. All activities on
this system are recorded and logged. Unauthorized access will be fully
investigated and reported to the appropriate law enforcement agencies.


Now every time someone logs in as root, they will see this message... go ahead and try it.


Disable Shell Accounts

To disable any shell accounts hosted on your server SSH into server and login as root.

At command prompt type: locate shell.php

Also check for:

locate irc
locate eggdrop
locate bnc
locate BNC
locate ptlink
locate BitchX
locate guardservices
locate psyBNC
locate .rhosts


Note: There will be several listings that will be OS/CPanel related. Examples are

/home/cpapachebuild/buildapache/php-4.3.1/ext/ircg
/usr/local/cpanel/etc/sym/eggdrop.sym
/usr/local/cpanel/etc/sym/bnc.sym
/usr/local/cpanel/etc/sym/psyBNC.sym
/usr/local/cpanel/etc/sym/ptlink.sym
/usr/lib/libncurses.so
/usr/lib/libncurses.a
etc.


Disable identification output for Apache

To disable the version output for Apache, SSH into server and login as root.

At command prompt type: pico /etc/httpd/conf/httpd.conf


Scroll (way) down and change the following line to

ServerSignature Off


Restart Apache

At command prompt type: /etc/rc.d/init.d/httpd restart

A Beginner's Guide to Securing Your Server (Apps to install)

These are applications that will help to secure your server.

Install chkrootkit

To install chkrootkit, SSH into server and login as root.

At command prompt type: cd /root/

At command prompt type: wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

At command prompt type: tar xvzf chkrootkit.tar.gz

At command prompt type: cd chkrootkit-0.44

At command prompt type: make sense

To run chkrootkit

At command prompt type: /root/chkrootkit-0.44/chkrootkit

Make sure you run it on a regular basis, perhaps including it in a cron job.



Install rkhunter

1. Login to your server via SSH as root.
Then Type: cd /usr/local/src/

2. Download RKHunter Version 1.1.4
Type: wget http://downloads.rootkit.nl/rkhunter-1.1.4.tar.gz

3. Extract files
Type: tar -xzvf rkhunter-1.1.4.tar.gz

4. Type: cd rkhunter

5. Type: ./installer.sh

6. Let's set up RKHunter to e-mail you daily scan reports.
Type: pico -w /etc/cron.daily/rkhunter.sh

Add The Following:
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "RKhunter Scan Details" replace-this@with-your-email.com)

Replace the e-mail above with your e-mail!! It is best to send the e-mail to an e-mail off-site so that if the box IS compromised the hacker can't erase the scan report unless he hacks another server too.

Type: chmod +x /etc/cron.daily/rkhunter.sh


Install APF Firewall

To install APF, SSH into server and login as root.

At command prompt type: cd /root/

At command prompt type: wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

At command prompt type: tar -xvzf apf-current.tar.gz

At command prompt type: rm -f apf-current.tar.gz

At command prompt type: cd apf-0.9.4-6

At command prompt type: sh ./install.sh


After APF has been installed, you need to edit the configuration file.

At command prompt type: cd /etc/apf

At command prompt type: pico -w conf.apf


Scroll down and find

USE_DS="0"

change it to

USE_DS="1"


Now scroll down and configure the Ports. The following ports are required for CPanel:

Code:


Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,465,953,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,3000_3500"

Note: If you changed the port for SSH, be sure to include that port and remove port 22.

-----
21 FTP (TCP)
22 SSH (TCP)
25 SMTP (TCP)
53 DNS - Domain Name Server (TCP)
80 HTTP (TCP)
110 POP3 (TCP)
143 IMAP (TCP)
443 HTTPS (TCP)
465 sSMTP (TCP)
953 ??BIND??
993 IMAP4 protocol over TLS/SSL (TCP)
995 POP3 protocol over TLS/SSL (was spop3) (TCP)
2082 CPANEL (http://sitename.com:2082) (TCP)
2083 CPANEL SSL (https://sitename.com:2083) (TCP)
2084 entropychat server (disable from CPANEL service manager if not used) (TCP)
2086 WHM (http://sitename.com:2086) (TCP)
2087 WHM SSL (https://sitename.com:2087) (TCP)
2095 WebMail (http://sitename.com:2095) (TCP)
2096 WebMail SSL (https://sitename.com:2096)
3306 mySQL remote access (TCP)
6666 Melange chat Server (disable from CPANEL service manager if not used) (TCP)
7786 Interchange (TCP)
3000_3500
-----
5100 for ASP,
8080 and 8443 for JSP if you use them.
-----


Code:


Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53,6277"

-----
53 DNS - Domain Name Server
6277 SpamAssassin / DCC (email scanning)
-----


Code:


Common ICMP (inbound) types
IG_ICMP_TYPES="3,5,11,0,30,8"

-----
0 Echo Reply
3 Destination Unreachable
5 Destination Unreachable
8 Echo
11 Time Exceeded
30 Traceroute
-----


Code:


Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,37,53,80,110,113,123,443,43,873,953,2089,2703,3306"

-----
21 FTP
25 SMTP
37 Required for CPANEL Licensing
53 DNS - Domain Name Server
80 HTTP
110 POP3 (if you have scripts that need to retrieve email via POP, e.g. HelpDesk)
113 Authentication Protocol (AUTH)
123 NTP (Network Time)
443 HTTPS
43 WHOIS
873 rsync (CPanel updates)
953 BIND ??
2089 Required for CPANEL Licensing
2703 Razor (email scanning)
3306 mySQL remote access
-----


Code:


Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53,873,953,6277"

-----
20 ftp-data
21 FTP
53 DNS - Domain Name Server
873 rsync
953 BIND ??
6277 SpamAssassin / DCC (email scanning)
-----


Code:


Common ICMP (outbound) types
EG_ICMP_TYPES="all"




Save the changes then exit.


To start APF

At command prompt type: /usr/local/sbin/apf -s

APF commands are:

-s start
-r restart
-f flush - stop
-l list
-st status
-a HOST allow HOST
-d HOST deny HOST


Log out of SSH and then login again.


After you are sure everything is working fine, change the DEV option

At command prompt type: cd /etc/apf

At command prompt type: pico -w conf.apf


Scroll down and find

DEVM="1"

change it to

DEVM="0"


Save changes, exit and then restart firewall,

At command prompt type: /usr/local/sbin/apf -r
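
A pre-flight check for the lockout case noted above (SSH moved off port 22 while IG_TCP_CPORTS still lists only 22), added here as an example and not part of APF or the original guide. It reads the ingress list from a conf.apf file and understands the low_high range form used above; the sample config files and the function names are constructed for the example.

```sh
#!/bin/sh
# Added example: confirm the SSH port passes the APF ingress list before
# starting or restarting the firewall.

# Print the value of NAME="..." from an APF config file (if the name is
# assigned more than once, the last assignment is reported).
apf_setting() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Return 0 if PORT is covered by LIST, a comma-separated port list whose
# entries are single ports or low_high ranges (e.g. 3000_3500).
port_in_list() {
    want=$1
    rest=$2,
    while [ -n "$rest" ]; do
        entry=${rest%%,*}
        rest=${rest#*,}
        case $entry in
            *_*)
                lo=${entry%%_*}
                hi=${entry##*_}
                if [ "$want" -ge "$lo" ] 2>/dev/null &&
                   [ "$want" -le "$hi" ] 2>/dev/null; then
                    return 0
                fi ;;
            *)
                if [ "$want" = "$entry" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# check_ssh_ingress CONF SSH_PORT
# Prints "ok", or one or both of:
#   ssh-port-blocked    the port sshd listens on is not in IG_TCP_CPORTS
#   port-22-still-open  sshd was moved, but 22 is still allowed inbound
check_ssh_ingress() {
    ports=$(apf_setting "$1" IG_TCP_CPORTS)
    result=""
    port_in_list "$2" "$ports" || result="ssh-port-blocked"
    if [ "$2" != 22 ] && port_in_list 22 "$ports"; then
        result="${result:+$result }port-22-still-open"
    fi
    printf '%s\n' "${result:-ok}"
}

# Constructed samples: the ingress line from this guide, before and after
# swapping 22 for the new SSH port 5678.
APF_DEMO=$(mktemp -d)
cat > "$APF_DEMO/conf.before" <<'EOF'
DEVM="1"
IG_TCP_CPORTS="21,22,25,53,80,110,143,465,953,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,3000_3500"
EOF
cat > "$APF_DEMO/conf.after" <<'EOF'
DEVM="1"
IG_TCP_CPORTS="21,5678,25,53,80,110,143,465,953,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,3000_3500"
EOF

echo "before: $(check_ssh_ingress "$APF_DEMO/conf.before" 5678)"
echo "after:  $(check_ssh_ingress "$APF_DEMO/conf.after" 5678)"
```

On the server itself the call would be `check_ssh_ingress /etc/apf/conf.apf 5678`, with your own SSH port in place of 5678.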


Install BFD (Brute Force Detection)

To install BFD, SSH into server and login as root.

At command prompt type: cd /root/

At command prompt type: wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

At command prompt type: tar -xvzf bfd-current.tar.gz

At command prompt type: cd bfd-0.4

At command prompt type: ./install.sh


After BFD has been installed, you need to edit the configuration file.

At command prompt type: pico /usr/local/bfd/conf.bfd


Under Enable brute force hack attempt alerts:

Find

ALERT_USR="0"

and change it to

ALERT_USR="1"


Find

EMAIL_USR="root"

and change it to

EMAIL_USR="your@email.com"


Save the changes then exit.


To start BFD

At command prompt type: /usr/local/sbin/bfd -s


Modify LogWatch

Logwatch is a customizable log analysis system. It parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. Logwatch is already installed on most CPanel servers.


To modify LogWatch, SSH into server and login as root.

At command prompt type: pico -w /etc/log.d/conf/logwatch.conf


Scroll down to

MailTo = root

and change to

MailTo = your@email.com

Note: Set the e-mail address to an offsite account in case you get hacked.


Now scroll down to

Detail = Low

Change that to Medium, or High...

Detail = 5 or Detail = 10

Note: High will give you more detailed logs with all actions.


Save and exit.


Resource Saving Tips for shared accounts

Resource Saving Tips

This tutorial is focused mainly at cPanel users but is for everybody who would like to get a little extra bang for their buck. Resources are what it is all about in the webmaster world and conserving some resources is crucial in money management. Even if you think you may have pulled all measures to save resources this may be a helpful tutorial. Yet again you may already know everything here. Read on to find out.

Conserving Bandwidth

Bandwidth is what is all about, do you have enough to get your visitors what they need with sufficient overhead? Too much overhead is a waste but too little overhead will make you lose customers, so how do you determine how much bandwidth you will use? How do you save bandwidth?
  • A little known method of bandwidth saving tips (mostly because hosts do not want you to know) is a very simple one... using the control panel from your domain contributes to your overall bandwidth. Use your hosts domain instead
    For example: instead of going to http://yourdomain.com/cpanel for cPanel go to http://yourhost.com/cpanel (switching "yourhost" with your hosts website)
  • Disable HotLinking - HotLinking is where people will link from another website to your images or downloads and not give your website any credit. Basically the images are on your website and this website just links image tags to your website, Basically they are stealing your bandwidth. There is a tutorial on how to go about this if you are not sure how to accomplish this.
  • Enable caching on your website if it's not dynamic. Caching will allow the end user's computer to read from your server once in a while; the rest of the time it will read from its own backup copies until they expire.
  • Optimize your images for the internet and shrink their size, never use bitmap files (.bmp) and stick to jpeg (.jpg) or gif (.gif) files for images, these are optimized for the internet. There are conversion programs out there and there are optimization programs, be sure to get an optimization program that will be able to retain the images quality while drastically reducing its size. More than 50% of the bandwidth on most websites comes from images.
  • If you run any forums or submission scripts on your website ensure that they are secured (require a validation code for submission or login) this will reduce the possibilities of people making bots to spam your website and will reduce bandwidth usage.
  • Websites that have Large images, Videos, MP3's, and large files will use a lot of bandwidth. Some websites may need these but if you are sure your website doesn't need them then don't use them. It will save A lot of bandwidth
  • Limiting robot scanning can help greatly, this includes bots by google, msn, and yahoo alike. All you have to do is create a robots.txt and tell the bots what and what not to index. You can also do this with .htaccess if you are experienced enough.
  • Look at your logs of visitors, if you see any suspicious activity of what you may believe to be a bandwidth hog you can block these users from accessing your website via .htaccess or cPanel
Taking these measures Will save bandwidth but will not ensure you not to go over your limit. If you have a popular website be equipped with a lot of bandwidth respectively. Typically you should have 15% - 45% extra overhead on your bandwidth. You can calculate used bandwidth by how many hits you will be expecting by the average size of all of your files.

Conserving Storage

Storage is the second most important factor in web hosting with bandwidth in the lead. Storage is the amount of space you have to put files on the web server. Most websites generally do not use much storage, the most of what they use is bandwidth. However some sites make the exception and provide a multitude of things or just some big files. Either way here are some conservation tips on storage.
  • Zip up all files meant to be downloaded - if you want to have a database of downloads or just offer a couple of downloads this will greatly reduce the amount of space and bandwidth you use. If you are offering big documents for download as well (over 250kb) you should zip these up as well.
  • Optimize images - as said in bandwidth conservation, images play a majority in resources on the typical website. Optimizing images for the web is a rather crucial step in resource conservation.
  • Avoid Duplicate files - Duplicate files do you no good, make your hyperlinks point to the same file rather than the same file in 2 places on your account. This also makes updating much easier as you only have to update only one file.
  • Manage Backups - While backups are helpful they will pile up, Keep no more than 3 backups on your web hosting account simultaneously. Consider the fact that the backups are almost the size of your entire account, so 2 backups more than doubles your accounts disk usage in the typical scenario. Usually you should make the backup, download it, then delete it from FTP. However having a backup of the backup on the webserver will not hurt.
  • File Management - Remove unneeded, unlinked files. These files will be serving you no good anyway.
  • Use Dynamic Pages if you can, Dynamic pages do not require every page to be stored and can prove helpful. Instead of having multiple pages you can have one main file with a bunch of files that are included or generated via a language such as PHP. MySQL also helps in this as well, it is a further extent of space saving.
Saving space on a webserver is very easy and webspace isn't in as much demand as bandwidth, however the storage can be a deciding factor in your web hosting price. Be sure to not use any excess to save yourself hassle and bills. Whether you are a website offering many downloads or a website with no downloads conserving space is a very helpful practice.

Other Conservation Tips

Although the main conservation tips have been stated there are some you should know about...
  • MySQL/PostgreSQL Management - Be sure that you do not use too many, you can put different scripts in the same database for compacting. This will allow for you to meet your limit without having to go over. MySQL databases are almost always limited due to the fact they may be resource strenuous, as a countermeasure webhosts limit these to provide a cleaner service.
  • If you have severely limited e-mails use them wisely, instead of using a different e-mail for a different service or function try to mix them together and have a generalization mix. So instead of having support@yourdomain.com and billing@yourdomain.com and request@yourdomain.com you could sum them all down to websitename@yourdomain.com
Resource saving is helpful, especially when you are tight for money. Follow these tips and you should be better off for a cleaner, more efficient web hosting experience.
- Howard


Where did your dedicated server come from?

Before you buy
Before you make that commitment to dedicated hosting, you should know where your machine came from. Is it new? Are any of the components refurbished? Is it a Dell, a Compaq or even a “clone”?

These are all very important questions that may not be approached unless you specifically ask.

For example, many Internet Service Providers will tell you that your dedicated server has a Pentium processor, or a Western Digital hard drive –but what does that really tell you about the reliability of your machine?

Virtually all computer hardware components that conform to IBM industry standards can be purchased separately. Anyone with a little know-how and the proper motivation can build an IBM compatible “clone” computer in a matter of hours, utilizing virtually the same hardware components found in any name brand machine.

To clone or not to clone
When properly manufactured and maintained by a knowledgeable IT staff, clone computers can perform just as well as those manufactured by the industry giants such as Dell and Compaq. But when you purchase a clone machine, you quite literally have absolutely no idea who manufactured it and under what conditions. In comparison, when you purchase a name brand computer, you know that it was manufactured under rigorous quality control standards and is backed in its entirety by a manufacturer’s warranty. Often times, if a name brand machine experiences a major hardware malfunction –the entire unit will be replaced, free of charge and with no questions asked.

The pitfalls of Computer “Clones”
As previously mentioned, only each individual hardware component is guaranteed by the original manufacturer’s warranty when dealing with clone computers. If your Western Digital hard drive fails, it must be sent back to Western Digital (for example). If your Pentium processor fails, it must be sent back to an Intel distribution center. If you begin to experience multiple problems with your clone machine, you could soon find yourself lost in a seemingly endless maze of Return Merchandise Authorization forms, warranties and late night e-mails.

A few more things to consider
Of course, your Internet Service Provider will assume the responsibility of wading through the support process in the case of a severe system failure, but would you sleep better at night knowing that they can simply place a single call to your server’s manufacturer in order to resolve the issue? Or are you okay with the knowledge that many vendors, manufacturers and distribution centers may get involved in the process before the issue is fully resolved?

Various start-up hosting companies offer clone servers as a means to cut costs. Purchasing the components separately and then building the machine onsite can result in saving hundreds of dollars per unit –as opposed to purchasing the pricier, pre-configured name brand units. If your ISP does not explicitly mention the manufacturer of your server, you should ask for this information. There could be a possibility that your machine was not built by an industry leader, is not backed by a full warranty and could be more trouble than it’s worth.


Tutorial: simple backup rotation scripts

I received several requests to post my backup scripts. Before I start, I think some background info is needed (i.e. what their purpose is): I've written them as part of the "Enterprise Class Backup" system we offer for webhosting accounts. Following rotation is used:

1) Full account backups:
a) on-server (dedicated hard drive used only for storing backups)
- daily backups, 7 days rotation
- weekly backups, 4 weeks rotation
- the standard daily/weekly/monthly cPanel backups are also available on this drive (1 day/1 week/1 month rotation)
b) off-server (another server in the same datacenter)
- weekly backups, 12 weeks rotation
c) off-site (stored on DVDs in a Swiss bank vault)
- monthly backups, 24 months rotation

2) MySQL database backups:
a) on-server (dedicated hard drive used only for storing backups)
- hourly backups, 24 hours rotation
b) off-server (another server in the same datacenter)
- daily backups, 7 days rotation
c) off-site
- weekly backups, stored on the monthly DVDs

Step by step guide

First of all, I'll describe the environment that's needed to run these scripts 1:1. This is a cPanel server running GNU/Linux, and while cPanel is not necessary (you could use any other backups instead of the daily cPanel account backups, just modify the scripts), I can't say on what non-GNU/Linux OSes it would work without changes. Since we're talking about simple shell commands, they might work on other *Nix OSes like *BSD or Solaris, but I haven't tested it. You're welcome to post your findings.

a) on-server backups

You'll need a certain directory structure so the scripts work without modifications. The backup hard drive is mounted as /backup and has the following directories:

/backup/cpbackup : here are the cPanel backups. The three subdirs will be created automatically by cPanel/WHM.

/backup/rotation: this is where my scripts write their output. You need to create following subdirs: hourly, daily, weekly, monthly. You don't need to create any directories under these subdirs, the scripts will take care of that.

Let's start with the hourly rotation for MySQL backups. These aren't compressed because their primary purpose is if a client suddenly calls you in tears saying they just destroyed/corrupted/whatever their big and important DB 5 minutes ago, you can just copy back their files from the backup location to the /var/lib/mysql subdir and they'll be happy. This is my script in /etc/cron.hourly (file permissions 7xx):

code:

#!/bin/sh
rm -rf /backup/rotation/hourly/$(date +"%H")
mkdir /backup/rotation/hourly/$(date +"%H")
cp -R /var/lib/mysql/* /backup/rotation/hourly/$(date +"%H")

The daily rotation runs a couple of hours after the cPanel nightly backup and copies the latest account backups into the directory that corresponds to the current day and keeps them for 7 days before overwriting them:
code:

#!/bin/sh
rm -rf /backup/rotation/daily/$(date +"%u")
mkdir /backup/rotation/daily/$(date +"%u")
cp -R /backup/cpbackup/daily/* /backup/rotation/daily/$(date +"%u")

It's in /etc/cron.daily of course and needs to be owner executable (7xx).

The weekly rotation script does the same. Note that this one doesn't have an automatic delete mechanism (well a 52-week one), because I prefer to monitor available disc space and as long as there are sufficient reserves I keep the files, longer than advertised (after all, advertising and SLA is in my eyes the minimum, more is always OK). The script is located in /etc/cron.weekly and needs to be chmoded to 7xx.

code:

#!/bin/sh
rm -rf /backup/rotation/weekly/$(date +"%V")
mkdir /backup/rotation/weekly/$(date +"%V")
cp -R /backup/cpbackup/daily/* /backup/rotation/weekly/$(date +"%V")

The monthly script adds some new twists for still another layer of security: there have been reports again and again that cPanel/WHM corrupted a certain account's backup and all backup files were useless. In this case, the following (mind you, storage space wasting) addition makes sure that in this worst case you still have the majority of data for the customer. While it needs you to setup the account from scratch and copy lots of things into it and still do some of the steps manually (like setting up the MySQL DBs and users in cPanel), at least all website data, MySQL DBs, e-mails stored on the server, webstat outputs etc is still available. The script goes into /etc/cron.monthly and has a 7xx permission.

code:

#!/bin/sh
rm -rf /backup/rotation/monthly/$(date +"%m")
mkdir /backup/rotation/monthly/$(date +"%m")
cp -R /backup/cpbackup/daily /backup/rotation/monthly/$(date +"%m")
cp -R /var/lib/mysql /backup/rotation/monthly/$(date +"%m")
cp -R /home /backup/rotation/monthly/$(date +"%m")
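
The on-server scripts above delete the old slot before copying, so a failed copy (full backup drive) or an empty source (a cPanel backup run that produced nothing) leaves that slot with no usable backup. The following is an added example, not the author's script: it copies into a staging directory, checks the result, and only then replaces the old slot. The function name, the staging directory names and the scratch demo data are assumptions made for the example.

```sh
#!/bin/sh
# Added example: rotate a backup into its slot without destroying the
# previous copy until the new one is complete.

# rotate_into SRC_DIR ROTATION_DIR SLOT
# Returns 0 on success; on any failure the existing slot is left untouched.
rotate_into() {
    src=$1
    dest=$2/$3
    stage=$2/.$3.incoming
    old=$2/.$3.previous

    # Refuse to rotate an empty or missing source over a good backup.
    if [ ! -d "$src" ] || [ -z "$(ls -A "$src" 2>/dev/null)" ]; then
        echo "rotate_into: nothing to back up in $src" >&2
        return 1
    fi

    rm -rf "$stage"
    mkdir -p "$stage" || return 1
    if ! cp -Rp "$src"/. "$stage"/; then
        rm -rf "$stage"
        return 1
    fi

    # Cheap completeness check: same number of regular files on both sides.
    want=$(find "$src" -type f | wc -l | tr -d ' ')
    got=$(find "$stage" -type f | wc -l | tr -d ' ')
    if [ "$want" -ne "$got" ]; then
        echo "rotate_into: copied $got of $want files" >&2
        rm -rf "$stage"
        return 1
    fi

    # Swap: move the old slot aside, move the new one in, then clean up.
    rm -rf "$old"
    [ ! -e "$dest" ] || mv "$dest" "$old" || return 1
    mv "$stage" "$dest" || return 1
    rm -rf "$old"
}

# Constructed demo in a scratch directory; no real /backup path is touched.
DEMO=$(mktemp -d)
SLOT=3    # stands in for $(date +"%u") in the daily script
mkdir -p "$DEMO/cpbackup/daily" "$DEMO/rotation/daily"
echo data > "$DEMO/cpbackup/daily/acct1.tar.gz"
rotate_into "$DEMO/cpbackup/daily" "$DEMO/rotation/daily" "$SLOT"
ls "$DEMO/rotation/daily/$SLOT"
```

In the daily script the call would be `rotate_into /backup/cpbackup/daily /backup/rotation/daily "$(date +"%u")"`.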

b) off-server backups

These are stored on an external backup server to which I have only FTP access (thus no fancy stuff). The first is the MySQL daily backup, located in /etc/cron.daily (7xx as always):

code:

#!/bin/sh
cd /backup/rotation
tar -zcf mysql_$(date +"%F").tar.gz /var/lib/mysql/*
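# Feed the FTP commands to the client through a here-document.
# The closing EOF must sit on a line of its own.
ftp -in <<EOF
open 127.0.0.1
user yourusername yourpassword
bin
hash
prompt
put mysql_$(date +"%F").tar.gz
bye
EOF
rm -f mysql_$(date +"%F").tar.gz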

You need to modify three variables: IP address (or hostname) where you connect to, username and password for the FTP access. I have to admit that the last line doesn't work (not yet sure why), the files are put but then they aren't deleted from the local place. Since these are relatively small and I've got ample storage space, I didn't look into this further (yet).

Next is the weekly FTP backup. This is a rather crude job, taking lots of CPU horsepower if you've got lots of accounts. It creates a giant .tar.gz of everything in the daily cPanel backup dir and pushes this on to the FTP backup server. Since by now we're speaking about disaster recovery backups (which you should not need in a normal case), I prefer having them in one big file instead of many small ones (if you prefer hundreds of small files every week in your FTP space, you can always use the mput command):

code:

#!/bin/sh
cd /backup/rotation
tar -zcf cpbackup_$(date +"%F").tar.gz /backup/cpbackup/daily/*
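# Feed the FTP commands to the client through a here-document.
# The closing EOF must sit on a line of its own.
ftp -in <<EOF
open 127.0.0.1
user yourusername yourpassword
bin
hash
prompt
put cpbackup_$(date +"%F").tar.gz
bye
EOF
rm -f cpbackup_$(date +"%F").tar.gz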

Same comments apply as to the daily job.

There is no monthly FTP job because in its place is the monthly off-site backup job.

c) off-site backups

The off-site part is done manually, I first copy the contents of /backup/cpbackup/daily to a directory with FTP access, then use an FTP client to download the files to a local machine and shovel them on a DVD. For the weekly MySQL part, I prefer to use the most recent state, so I create a .tar.gz directly into an FTP-accessible directory and download it.

Notes

* You shouldn't even try to set up this system on an overloaded or low-end server.
* You cannot sell even remotely all the space on your primary hard drive (unless your backup drive is several times larger).
* I am aware that doing full backups every time is the most space-wasting kind of backup, but I prefer it over more sophisticated methods because with a differential or incremental backup system once you lose the starting point, the rest is so much dead bytes. With full backups, any single one stands on its own.
* Offering such a sophisticated solution on a per client basis (like a paid addon) needs only small modifications: all you need is to specify the account backup files and the subdirs in /var/lib/mysql that are to be part of the process. You could e.g. solve it by creating a dir where you first copy over the needed files from the original places, and then run the backup scripts on that directory.


Backing up while webhost is down

If you forgot to back your content up, sometimes it is possible to retrieve it when your webhost is down & both URL & IP addresses don't work [this will not work with all hosts!]

1. If you don't know what your webhost's IP address is, go to this site & look it up by typing in the address of your webhost.

2. Login using the IP address as the address. Use the same username & password that you signed up with in the first place.

All of your files should be there. Unfortunately, you won't have access to any database files, unless you backed them up or they were backed up automatically & saved in a zip file. You should have access to your mail folder, so you can save any emails you want. However, you have access to database files via cpanel if you access it through IPaddress/cpanel

This is especially good if you plan on switching webhosts right away.


© Copyright Ekhwan - The Botherhood Beyond Boundaries
Your Gateway to Establishing an Online Presence.
Tel: +971-6-5636554 Fax: +971-6-5321319
Postal Address: P O Box 19860, Sharjah, UAE

Owned by a proud member of the Dawoodi Bohra Muslim community. Bohras adhere to the Shi'a Fatimi tradition of Islam, headed by the 52nd Dai al-Mutlaq, Syedna Mohammed Burhanuddin Saheb (TUS).