How to access remote server with local phpMyAdmin client?

Just add below lines to your “” file in the bottom:

$cfg['Servers'][$i]['host'] = 'HostName:port'; //provide hostname and port if other than default
$cfg['Servers'][$i]['user'] = 'userName';   //user name for your remote server
$cfg['Servers'][$i]['password'] = 'Password';  //password
$cfg['Servers'][$i]['auth_type'] = 'config';       // keep it as config



Preventing DDOS attack from csf firewall.

First make sure DDOS attack is not from open recursive DNS settings. To check and fix that issue please read this article – Preventing DDOS aplification open resolver attack

This article is to set CSF firewall so that any DDOS intentional attack to your server can be prevented.


Step 1: open and edit CSF config file. 

vi /etc/csf/csf.conf



Enable connection tracking.
CT_LIMIT is max number of connection allowed from one IP, you can set this value as per your server requirement.


Set connection tracking interval.


If you want to get possible ddos attack email then enable it.


If you want to make IP blocks permanent then set this to 1, otherwise blocks
will be temporary and will be cleared after CT_BLOCK_TIME seconds


If you opt for temporary IP blocks for CT, then the following is the interval
in seconds that the IP will remained blocked for (e.g. 1800 = 30 mins)


If you only want to count specific ports (e.g. 80,443) then add the ports
to the following as a comma separated list. E.g. “80,443”

CT_PORTS = 80,23,443


These settings will be enough for DDOS attacks but if you are getting more attacks even you have above option configured then we can set few more options.


Step 2: Enable distributed attacks


Set the following to the minimum number of unique IP addresses that trigger



Step 3: Enable distributed FTP attacks



Set the following to the minimum number of unique IP addresses that trigger
LF_DISTFTP. LF_DISTFTP_UNIQ must be <= LF_DISTFTP for this to work



If this option is set to 1 the blocks will be permanent
If this option is > 1, the blocks will be temporary for the specified number
of seconds



Step 4: Enable distributed SMTP attacks.




Set the following to the minimum number of unique IP addresses that trigger
LF_DISTSMTP. LF_DISTSMTP_UNIQ must be <= LF_DISTSMTP for this to work



If this option is set to 1 the blocks will be permanent
If this option is > 1, the blocks will be temporary for the specified number
of seconds



This is the interval during which a distributed FTP or SMTP attack is


Migrate sites from cPanel to Plesk

Login to cPanel server and generate an SSH key. Run the following command in the terminal to generate the key.

ssh-keygen -b 2048 -t dsa -N “” -f /root/.ssh/id_dsa

The above command will write the key to the file /root/.ssh/id_dsa. Now login to the Plesk server and add the key into the file /root/.ssh/authorized_hosts. This will setup an SSH connection between the servers and you can now run rsync commands to migrate data over remote server.

Steps for cPanel to Plesk migration

1) Create an account in Plesk server. Also note down the DocumentRoot of the domain. By default, it would be /var/www/vhosts/domainname/httpdocs

2) Migrate files.

Run the below command from cPanel server

rsync -az –numeric-ids –progress /home/username/public_html root@$remote_ip:/var/www/vhosts/domainname/httpdocs

3) Migrate Databases.

– Take dumps of all databases using the below command.

mysqldump database_name>database_name.sql

– Copy the dump files to remote server.

scp database_name.sql root@Remote_IP:/var/www/vhosts/domainname/

– Login to plesk server and restore all databases.

mysqldump database_name<database_name.sql

4) Migrate email accounts.

– Setup email accounts on plesk server. Their default mail location will be /var/qmail/mailnames/ Now copy all mails using the below command.

rsync -az –numeric-ids –progress /home/username/mail/ root@$remote_ip:/var/qmail/mailnames/

Create ftp user from backend (ssh) in cpanel server

Normally all the cpanel servers would have pureftp running by default, you need to change it to proftpd inorder to make it working. You can switch it using the following command

server [~]# /scripts/setupftpserver proftpd

Now we need to create a new ftp user with the required home directory. You can use the following command to create a ftp user

/usr/local/cpanel/bin/proftpd_passwd <sys user> -a <vuser>:<passwd>:<uid>:<gid>:<owner>:<home_dir>:<shell>

server [~]# /usr/local/cpanel/bin/proftpd_passwd cpanelusername -a

server [~]# /usr/local/cpanel/bin/ftpupdate

To delete an ftp accounts, run the command.
/usr/local/cpanel/bin/proftpd_passwd -d



Setup multiple shared IP is not possible through WHM. If you have such requirement follow the below steps to use multiple shared IP’s in your cPanel server.
1. Log in as root
2. Create a directory “mainips” in /var/cpanel/
3. Create a file “root” in the directory
4. Enter the IP’s you want to use as shared IP’s in each line
Now you will be able to use multiple IP’s as shared IP in a cpanel server.

How to change the primary IP addres of a WHM/cPanel server

Steps in WHM:

  • Log into WHM and go to Basic cPanel & WHM Setup
  • Change the Primary IP here with the option that says “The IP address (only one address) that will be used for setting up shared IP virtual hosts
  • Note: This might not actually be necessary.

Log in to SSH, and do the following:

  1. Edit /etc/sysconfig/network-scripts/ifcfg-eth0
    • Change the IPADDR and GATEWAY lines to match the new IP and Gateway for the new ip
  2. Edit /etc/sysconfig/network
    • Change the GATEWAY line here if it does not exist in the ifcfg-* file.
  3. Edit /etc/ips
    • Remove the new primary IP from this file if it is present
    • Add the old primary IP to this file with the format <IP address>:<Net Mask>:<Gateway>
  4. Edit /var/cpanel/mainip
    • Replace the old primary IP with the new primary IP
  5. Edit /etc/hosts
    • Replace the old primary IP with the new one if needed. The hostname’s dns will need to be updated too
  6. Restart the network service to make the new IP the primary
    • service network restart
    • Note: You’re probably going to be disconnected at this point, and have to log in to ssh using the new primary ip.
  7. Restart the ipaliases script to bring up the additional IPs
    • service ipaliases restart
  8. Run ifconfig and make sure all IPs show up correctly
  9. Update the cpanel license to the new primary IP
  10. Verify you can still log in to WHM and there is no license warning


cPanel logs for access, Apache, email, error, ftp, mysql, and WHM

cPanel logs

Access logs and user actions /usr/local/cpanel/logs/access_log
Account transfers and misc. logs /var/cpanel/logs
Auditing log (account creations, deletions, etc) /var/cpanel/accounting.log
Backup logs /usr/local/cpanel/logs/cpbackup
Brute force protection (cphulkd) log /usr/local/cpanel/logs/cphulkd.log
Cpanel dnsadmin dns clustering daemon /usr/local/cpanel/logs/dnsadmin_log
Cpanel taskqueue processing daemon /usr/local/cpanel/logs/queueprocd.log
DBmapping /usr/local/cpanel/logs/setupdbmap_log
EasyApache build logs /usr/local/cpanel/logs/easy/apache/
Error log /usr/local/cpanel/logs/error_log
Installation log /var/log/cpanel
License updates and errors /usr/local/cpanel/logs/license_log
Locale database modifications /usr/local/cpanel/logs/build_locale_database_log
Login errors (CPSRVD) /usr/local/cpanel/logs/login_log
Horde /var/cpanel/horde/log/
RoundCube /var/cpanel/roundcube/log/
SquirrelMail /var/cpanel/squirrelmail/
Panic log /usr/local/cpanel/logs/panic_log
Per account bandwidth history (Cached) /var/cpanel/bandwidth.cache/{USERNAME}
Per account bandwidth history (Human Readable) /var/cpanel/bandwidth/{USERNAME}
Service status logs /var/log/chkservd.log
Tailwatch driver tailwatchd log /usr/local/cpanel/logs/tailwatch_log
Update analysis reporting /usr/local/cpanel/logs/updated_analysis/{TIMESTAMP}.log
Update (UPCP) log /var/cpanel/updatelogs/updated.{TIMESTAMP}.log
WebDisk (CPDAVD) /usr/local/cpanel/logs/cpdavd_error_log
Website statistics log /usr/local/cpanel/logs/stats_log

cPanel access log

Access logs and user actions /usr/local/cpanel/logs/access_log

cPanel apache log

Apache restarts done through cPanel and WHM /usr/local/cpanel/logs/safeapcherestart_log
Domain access logs /usr/local/apache/domlogs/{DOMAIN}
Processing of log splitting /usr/local/cpanel/logs/splitlogs_log
suPHP audit log /usr/local/apache/logs/suphp_log
Web server and CGI application error log /usr/local/apache/logs/error_log

cPanel email log

Delivery and receipt log /var/log/exim_mainlog
Incoming mail queue /var/spool/exim/input/
Log of messages rejected based on ACLS or other policies /var/log/exim_rejectlog
Unexpected/Fatal error log /var/log/exim_paniclog
IMAP, POP login attempts, transactions, fatal errors and spam scoring /var/log/maillog /var/log/messages
Mailman /usr/local/cpanel/3rdparty/mailmain/logs

MySQL log

MySQL error log /var/lib/mysql/{SERVER_NAME}.err
MySQL slow query log (if enabled in my.cnf) /var/log/slowqueries