How to generate a Strong Password

Overview

Creating and using strong passwords is an important part of your server security.

NOTE:

If your old password was compromised, make sure that your new password is very different from your old one.

Things to include

  1. At least eight characters.
  2. One or more of each of the following:
    • lower-case letter
    • upper-case letter
    • number
    • punctuation mark
  3. Lookalike characters to protect against password glimpses. Examples:
    • O as in Oscar and the number 0.
    • Lower-case l and upper-case I.
    • The letter S and the $ sign.

Things to avoid

  1. Words you can find in the dictionary.
  2. Passwords shown as “example strong passwords.”
  3. Personal information, such as names and birth dates.
  4. Keyboard patterns, like qwerty or 12345. Particularly avoid sequences of numbers in order.
  5. Common acronyms.
  6. All one type of character – such as all numbers, all upper-case letters, all lower-case letters, etc.
  7. Repeating characters, such as mmmm3333.
  8. The same password you use for another application.
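The two lists above are easy to turn into an automated check. The following Python is an added example (not part of the original article): `check_password` reports which of the page's rules a candidate breaks, and `generate_password` draws random characters with the `secrets` module until a candidate passes. The word list and keyboard patterns are constructed stand-ins; a real check would load a full dictionary.

```python
import re
import secrets
import string

# Constructed stand-ins for a word list and keyboard patterns (a real check
# would load a full dictionary; that is an assumption of this example).
COMMON_WORDS = {"password", "welcome", "letmein", "monkey", "dragon"}
KEYBOARD_PATTERNS = ("qwerty", "asdf", "zxcv", "12345", "abcdef")
CLASSES = {
    "lower-case letter": str.islower,
    "upper-case letter": str.isupper,
    "number": str.isdigit,
    "punctuation mark": lambda c: c in string.punctuation,
}

def has_ordered_digits(pw, run=4):
    """True if pw contains `run` consecutive digits counting up by one (e.g. 3456)."""
    for i in range(len(pw) - run + 1):
        w = pw[i:i + run]
        if w.isdigit() and all(int(w[j + 1]) - int(w[j]) == 1 for j in range(run - 1)):
            return True
    return False

def check_password(pw):
    """Return the list of rules from this page that pw breaks; [] means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("fewer than eight characters")
    for name, test in CLASSES.items():          # one or more of each class
        if not any(test(c) for c in pw):
            problems.append("no " + name)
    low = pw.lower()
    if low in COMMON_WORDS:
        problems.append("dictionary word")
    if any(p in low for p in KEYBOARD_PATTERNS) or has_ordered_digits(pw):
        problems.append("keyboard pattern or ordered number sequence")
    if re.search(r"(.)\1{2,}", pw):             # runs such as mmmm or 3333
        problems.append("repeated characters")
    return problems

def generate_password(length=16):
    """Draw random characters with secrets (not random) until check_password is happy."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw
```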

Memorable password tips

Passwords that are easy for you to remember are less secure than a completely random password, but following these tips can help you find the right balance between convenience for you and difficulty for hackers.

  1. Create a unique acronym for a sentence or phrase you like.
  2. Include phonetic replacements, such as ‘Luv 2 Laf’ for ‘Love to Laugh.’
  3. Jumble together some pronounceable syllables, such as ‘iv,mockRek9.’

Keep your password secret

  1. Never tell your password to anyone (this includes significant others, roommates, coworkers, etc.). If you need to grant someone access to your server, set up a separate username and password for that person.
  2. Never write your password down, especially not anywhere near your computer.
  3. Do not store your password in a plain text file on your computer.
  4. Never send your password over an unencrypted connection – including unencrypted email.
  5. Periodically test your current password.
  6. Update your password every six months.

Third-party tools

Password generators

Password strength tests

Password storing tools

How To: Install memcached on CentOS 6

Memcached is a distributed, high-performance, in-memory caching system that is primarily used to speed up sites that make heavy use of databases. It can however be used to store objects of any kind. Nearly every popular CMS has a plugin or module to take advantage of memcached, and many programming languages have a memcached library, including PHP, Perl, Ruby, and Python. Memcached runs in-memory and is thus quite speedy, since it does not need to write to disk. Here’s how to install it on CentOS 6:


Memcached does have some dependencies that need to be in place. Install libevent using yum:

yum install libevent libevent-devel

To start installing memcached, change your working directory to /usr/local/src and download the latest memcached source:

cd /usr/local/src
wget http://memcached.googlecode.com/files/memcached-1.4.15.tar.gz

Uncompress the tarball you downloaded and change into the directory that is created:

tar xvzf memcached-1.4.15.tar.gz
cd memcached-1.4.15

Memcached is actively developed, so the version used in this tutorial may be out of date by the time you read this. As of this writing, 1.4.15 is the latest stable version. Check memcached.org for a newer version before proceeding with the installation.

Next, configure your Makefile. The simplest way is to run:

./configure

Additional configure flags are available and can improve performance if your server is capable. For 64-bit OSes, you can enable memcached to utilize a larger memory allocation than is possible with 32-bit OSes:

./configure --enable-64bit

If your server has multiple CPUs or uses multi-core CPUs, enable threading:

./configure --enable-threads

If your server supports it, you can use both flags:

./configure --enable-threads --enable-64bit

N.B.: if the configure script does not run, you may have to install build tools on your server. That is as simple as:

yum install gcc
yum install make

Once the configure script completes, build and install memcached:

make && make install

Last but not least, start a memcached server:

memcached -d -u nobody -m 512 -p 11211 -l 127.0.0.1

Put another way, the previous command can be laid out like this:

memcached -d -u [user] -m [memory size] -p [port] -l [listening IP]

Let’s go over what each switch does in the above command:

-d
Tell memcached to start up as a backgrounded daemon process
-u
Specify the user that you want memcached to run as
-m
Set the memory, in megabytes, that you want to be allocated by memcached
-p
The port on which memcached will listen.
-l
The IP address on which memcached will listen. Keeping this at 127.0.0.1 means only local processes can reach the cache; without -l, memcached defaults to listening on all interfaces.
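The listening IP matters because anything that can reach port 11211 can read and write the cache with no authentication. The following Python script is an added example (not part of the original article): it parses constructed `ss -lntp` output and reports memcached listeners bound to anything other than loopback, which is a quick way to confirm the listening IP took effect.

```python
import re

# Constructed sample of `ss -lntp` output (not captured from a real host):
# one memcached bound to all interfaces (v4 and v6), one to loopback, plus sshd.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN  0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=612,fd=3))
LISTEN  0      1024   0.0.0.0:11211       0.0.0.0:*         users:(("memcached",pid=2231,fd=26))
LISTEN  0      1024   127.0.0.1:11212     0.0.0.0:*         users:(("memcached",pid=2240,fd=26))
LISTEN  0      1024   [::]:11211          [::]:*            users:(("memcached",pid=2231,fd=27))
"""

LOOPBACK = {"127.0.0.1", "[::1]"}

def exposed_memcached(ss_output):
    """Return (local address:port, pid) for each memcached socket not bound to loopback."""
    findings = []
    for line in ss_output.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 6 or '"memcached"' not in fields[-1]:
            continue
        local = fields[3]                        # e.g. 0.0.0.0:11211 or [::]:11211
        addr, _, _port = local.rpartition(":")
        pid = int(re.search(r"pid=(\d+)", fields[-1]).group(1))
        if addr not in LOOPBACK:
            findings.append((local, pid))
    return findings

if __name__ == "__main__":
    # In practice feed it: subprocess.run(["ss", "-lntp"], capture_output=True, text=True).stdout
    for local, pid in exposed_memcached(SAMPLE_SS_OUTPUT):
        print(f"memcached pid {pid} is reachable on {local}; restart it with -l 127.0.0.1")
```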


Hotlink protection: How-To prevent people from stealing your files


Create an .htaccess file in your public_html directory with the following code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

Where domain.com is your domain.
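To see exactly which requests the rule set above forbids, here is an added Python model of the three directives (example code, not part of the original article), using re.IGNORECASE for Apache's [NC] flag and escaped dots so "." only matches a literal dot:

```python
import re

# Python equivalents of the .htaccess conditions above, for domain.com.
OWN_SITE = re.compile(r"^http://(www\.)?domain\.com.*$", re.IGNORECASE)
PROTECTED = re.compile(r"\.(gif|jpg)$")

def hotlink_decision(path, referer):
    """Return 'allow' or 'forbidden' (HTTP 403) for one request, following the rule set."""
    if not PROTECTED.search(path):
        return "allow"        # the RewriteRule only covers .gif and .jpg
    if referer == "":
        return "allow"        # RewriteCond !^$ : an empty Referer is let through
    if OWN_SITE.match(referer):
        return "allow"        # RewriteCond !^http://(www.)?domain.com : your own pages
    return "forbidden"        # both conditions held, so [F] applies
```

Because the Referer header is supplied by the client and the first condition lets an empty one through, treat this as bandwidth protection rather than access control.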


Setting up DA with an SSL certificate

You can switch DirectAdmin to use SSL instead of plain text, i.e. https instead of http on port 2222.
Note that this is for the DirectAdmin connection on port 2222, *not* for Apache.
If you’re trying to set up a certificate for your domain through Apache, use this guide.

If you do not have your own certificates, you’ll need to create your own:

/usr/bin/openssl req -x509 -newkey rsa:2048 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9000 -nodes

chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem


This is the old method; use either the one above or this one.  The end result is the same, but this one takes more steps.
openssl req -new -x509 -keyout /usr/local/directadmin/conf/cakey.pem.tmp -out /usr/local/directadmin/conf/cacert.pem -days 3653

openssl rsa -in /usr/local/directadmin/conf/cakey.pem.tmp -out /usr/local/directadmin/conf/cakey.pem

rm -f /usr/local/directadmin/conf/cakey.pem.tmp
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

(Paste these one at a time as the first 2 require user input)


If you already have your own certificate and key, then paste them into the following files:

certificate:  /usr/local/directadmin/conf/cacert.pem
key: /usr/local/directadmin/conf/cakey.pem

Edit /usr/local/directadmin/conf/directadmin.conf and set SSL=1 (default is 0).  This tells DA to load the certificate and key and to use an SSL connection.
Ensure your directadmin.conf has the following values set:

cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem

These are the defaults, but they can be changed as needed.

DirectAdmin needs to be restarted after any changes to the directadmin.conf.

If you also have a CA Root Certificate, this can be specified by adding:

carootcert=/usr/local/directadmin/conf/carootcert.pem

to the /usr/local/directadmin/conf/directadmin.conf file, and by pasting the contents of the CA root cert into /usr/local/directadmin/conf/carootcert.pem (which won’t exist by default).

Note: as of 1.30.2, you can set the SSL redirect target for a User who connects to the https port with plaintext http.
http://www.directadmin.com/features.php?id=801

For 1.33.0, you can force DA to redirect to a specific hostname if you wish the host to match the cert installed:
http://www.directadmin.com/features.php?id=917
However, if they connect via https on a different hostname, they’ll first get the SSL warning (since SSL is established before the hostname is passed), and then be redirected to the correct host, where the error does not appear (assuming you’ve got a valid cert set up).

As of 1.33.3, you can set an SSL cipher option to force SSLv3 and disable SSLv2:
http://www.directadmin.com/features.php?id=957

How to upgrade mysql with custombuild

To upgrade mysql using the custombuild script, do the following:

cd /usr/local/directadmin/custombuild
./build set mysql 5.1
./build set mysql_inst yes
./build set mysql_backup yes
./build update
./build mysql

Where 5.1 can be replaced with 5.0, 5.1 or 5.5.

A full raw sql backup will be run prior to the upgrade if you have mysql_backup=yes set.  It goes without saying, always make backups, either with this tool, or with other means.

After the mysql update, always recompile php.

./build php n

Why do I need an owned IP for my own SSL certificate?

The reason you must have your own dedicated IP address when you want to use your own SSL certificate (when you don’t want the server wide shared certificate) is because of the way SSL and Apache (httpd) works.

For name based web-hosting (when many domains are on one IP) the web browser will pass the name of the domain being requested inside the httpd headers along with the request.  This way, Apache knows which domain you are trying to access even though there are many domains on that one IP address.

When you do the same thing through an SSL connection, the connection has to be made *before* the request can be sent.  In this connection, the certificate is passed.  The only information that Apache knows before the request is made is which IP the connection is being made to.  It has to be able to know which certificate to send before the request is made, thus you can’t use multiple certificates on the same IP (if you do, Apache will use the first certificate listed which DA will always set to the server shared certificate for shared IPs).

If you want to use your own certificate, it must be the first certificate listed.  This wouldn’t work for a shared IP, because there would be multiple domains wanting this status, and only the first certificate would be the one shown.  For this reason the shared certificate is always used on a shared IP.  For your own certificate, DA will acknowledge the IP as being ‘owned’ and will remove the server shared certificate as the first cert to be loaded, so your certificate will be loaded instead.

How To Clear Your DNS Cache

Windows® 8


  1. Press Win+X to open the WinX Menu.
  2. Right-click on Command Prompt and select Run as Administrator.
  3. Type the following command and press Enter: ipconfig /flushdns
  4. If the command was successful, you will see the following message:
    Windows IP configuration successfully flushed the DNS Resolver Cache.


Windows 7


  1. Click the Start button.
  2. Enter cmd in the Start menu search field.
  3. Right-click on Command Prompt and select Run as Administrator.
  4. Type the following command and press Enter: ipconfig /flushdns
  5. If the command was successful, you will see the following message:
    Windows IP configuration successfully flushed the DNS Resolver Cache.


Windows XP, 2000, or Vista®


  1. Click the Start button.
  2. On the Start menu, click Run….
    • If you do not see the Run command in Vista, enter run in the Search bar.
  3. Type the following command in the Run text box: ipconfig /flushdns


MacOS® 10.7 and 10.8


  1. Click Applications.
  2. Click Utilities.
  3. Double-click the Terminal application.
  4. Type the following command:
    sudo killall -HUP mDNSResponder

    Warning: To run this command, you will need to know the computer’s Admin account password.


MacOS 10.5 and 10.6


  1. Click Applications.
  2. Click Utilities.
  3. Double-click the Terminal application.
  4. Type the following command: sudo dscacheutil -flushcache

How to adjust the time zone of your webmail client (Roundcube, SquirrelMail, Horde)

SquirrelMail

To change time zones in SquirrelMail:

  1. Access SquirrelMail.
  2. Click Options link at the top of the page.
  3. Click the Personal Information link.
  4. Under Timezone Options, from the Your Current Timezone drop-down, select your preferred time zone.
  5. Click Submit.

Horde

To change time zones in Horde:

  1. Access Horde.
  2. Click the Options icon at the top of the page.
  3. Under Your Information, click the Locale and Time link.
  4. Under Your current time zone, select your preferred time zone from the drop-down menu.
  5. Click Save Options.

RoundCube

To change time zones in RoundCube:

  1. Access RoundCube.
  2. Click the Settings icon in the top-right corner of the page.
  3. Select Preferences tab.
  4. Under the Section column, select User Interface.
  5. Select your preferred time zone from the Time zone drop-down menu.
  6. Click Save.

How to change the max file upload size for phpMyAdmin in Plesk

You need to edit the correct php.ini file and increase the value of the following variables to the desired size:

memory_limit, upload_max_filesize and post_max_size

The  php.ini file is located at:

On Linux server:

/usr/local/psa/admin/conf/php.ini

On Windows server:

C:\Program Files (x86)\Parallels\Plesk\admin\php.ini


Then you will need to restart your webserver & PSA.


Change email password without logging in on DirectAdmin

If you would like your pop users to be able to change their own email passwords without having to login to the control panel, simply give them this link:

http://www.domain.com:2222/CMD_CHANGE_EMAIL_PASSWORD

Where www.domain.com is either your domain, hostname, or IP address.

More information on this function and how you can use it via API can be found Here.

There is also a DA plugin that gives email users the ability to change their passwords and vacation messages, and shows them their email stats, all in one place:
http://www.directadmin.com/forum/showthread.php?t=22715

For automated vacation message changes by email users, it can be implemented via the API here, or just use the plugin above:
http://www.directadmin.com/forum/showthread.php?t=13112

A squirrelmail plugin has been created which allows interaction with DirectAdmin showing usage, as well as the ability to change the password and vacation message:
http://www.directadmin.com/forum/showthread.php?t=31050