Andrew Folkes

Plesk - commercial web hosting control panel. As most of such control panels, it allows a server administrator to set up new websites, reseller accounts, e-mail accounts, and DNS entries through a web-based interface. Requirements: Windows VPS server 0. Log in to the server via RDP. 1. Visit Plesk webpage on your browser. At the bottom of the page, find the section "Plesk Windows Installer" and in it choose to download the installer. 2.A. Run the installer 2.B. Run the Windows command prompt. Navigate to the directory where you have saved the installer. Run the following command: plesk-installer.exe --web-interface This will launch the installer as if you would simply start it manually. If you want to install the latest preview of the upcoming release, run the following command instead (recommended for test purposes but not for production usage): plesk-installer.exe --web-interface --tier testing If you want to install previously released Plesk versions: plesk-installer.exe --web-interface --all-versions 3. Select your language settings and enter your user log-in credentials. By default user is "Administrator" and the password is provided in the client area service management log-in details. Also with this password you connect to the RDP on step 0. 4. Choose link "Install or Upgrade Product" 5. Choose the product Plesk. Version change is possible if you have chosen 2B step with the previous released Plesk versions. Press Continue. 6. Choose suitable installation type. 6.1 Recommended type offers all components necessary for web hosting (web server, mail server, database server, etc.) and the most widely used popular features. If you are unsure which type suits you - Recommended should be the choice. 6.2 Full installation type includes all components and features. Note - of all installation types, this requires the most disk space. 6.3 Custom - allows you to pick the components and features to be installed from the list. Recommended only for experienced Plesk users. If required, after the installation will be you will be able to add or remove Plesk components at any time. 7. Let's say we choose Recommended. The next step would be customizing the routes to file directories and setting up passwords for the Plesk administrator user (admin). The password requirement is at least 4 characters long. However, our recommendation - is at least 10 characters long with capital letters and numbers. 8. After confirmation, the installation will begin and you should wait and make yourself a cup of tea or coffee. The installation will take at least 20 minutes, depending on chosen number of packets it can take even longer. 9. That's it. To finish up the installation press OK. Afterward, you will be able to access the Plesk control panel by opening the application that will appear on the server desktop or by entering the following link in the URL of the used browser on the server: https://localhost:8443/

If there is an issue with SSH on your VPS, this guide will provide basic steps to investigate SSH connection issue. VPS Password Is Not Correct If you cannot connect to your VPS with your current VPS password, or you forgot it, you can connect to our client area and reset your VPS root password. Here is a guide how to do it. Unresponsive SSH Connection If your SSH connection attempts are timing out or are being immediately rejected, then your SSH service might not be running, or your firewall might block SSH connections. So you can connect to your VPS via Emergency Console. How To Check SSH Status? To check your SSH service status, you need to connect to your VPS and run one of these commands: 1) Ubuntu 16.04+, Debian 8+, CentOS 7+, etc: sudo systemctl status sshd -l 2) CentOS 6: sudo service sshd status 3) Ubuntu 14.04, Debian 7 sudo service ssh status How To Restart SSH Service? If the output shows that your SSH is not running, then try to restart your SSH: sudo systemctl restart sshd CentOS 6: sudo service sshd restart Ubuntu 14.04, Debian 7: sudo service ssh restart How To Check SSH Logs? If it won't help, then check your VPS logs of SSH:: sudo journalctl -u sshd -u ssh CentOS 6 less /var/log/secure Ubuntu 14.04, Debian 7 less /var/log/auth.log SSH Is Running On A Non-Standard Port If SSH status is active, make sure on what port SSH service is running. Run netstat on your server to check which port is used by SSH. For this, you can use this command: sudo netstat -plntu | grep ssh By default, SSH service runs on 22 port, but if you see a different port, then try to connect to your VPS via SSH by using that port: The Same Port Is Used By More Than One Service If SSH service is running on your VPS, but you still cannot connect through SSH, then check your logs, to make sure that another service is not bounded on the same port as SSH. If in the logs, you see this message: Then it means that another service on your server is already using the same port that SSH binds to. So this is a reason why SSH you cannot connect to your VPS via SSH. There are some ways to solve this issue: 1) Bind SSH service to a different port: Here is a guide how to do that. 2) Stop the other service: Use netstat command to check which other process is using the same port (as an example, we use 22 port); sudo netstat -plntu | grep :22 Then stop that process: sudo systemctl stop some-other-service sudo systemctl disable some-other-service Or simply kill the process using the process ID listed next to the process name when you check processes with the command - netstat. 3) Change other service port to a different port: Again use netstat command to find what service is bound to the same port. Then, change the configuration for that service to use a different port. Ater that, you need to restart SSH service. Misconfigured Firewall Rules For SSH Service If you can start the SSH service successfully, but your connections still time out or are rejected, then review your firewall rules. It might e that you have blocked SSH connection on your firewall. To check that, you can review your current firewall ruleset: sudo iptables-save # displays IPv4 rules sudo ip6tables-save # displays IPv6 rules Also, if you have configured on your VPS FirewallD or UFW, make sure if you are running either package with these commands: sudo ufw status sudo firewall-cmd --state when the rules will be listed, make sure that your rule for SSH looks something like this: The rule says that you allow SSH connection in your VPS. Disabling Firewall Rules Additionally, for some time, you might to disable the firewall on your VPS to be sure that it is not a reason why you cannot connect to your VPS via SSH. Note 1: The disabled firewall increases the security risk on your VPS, so make sure that you will re-enable it after you investigate your firewall configuration. To do that, you can create a backup of your VPS firewall rules: sudo iptables-save > ~/iptables.txt Then set the INPUT, FORWARD and OUTPUT packet policies as ACCEPT: After that, you need to flush the nat table that is consulted when a packet that creates a new connection is encountered: sudo iptables -t nat -F further, you need to flush the mangle table too that is used for specialized packet alteration: sudo iptables -t mangle -F And additionally flush all the chains in the table: sudo iptables -F In the end, delete every non-built-in chain in the table: sudo iptables -X. Note 2: You might need to do all these steps with ip6tables command to flush your IPv6 rules. Note 3: Do not miss to use a different name for the IPv6 rules file. Rejected SSH Logins If SSH is listening and accepting connections but is rejecting login attempts, you should check logs of rejected attempts. Also, make sure that logins are not disabled for the root user. It can be checked with the command: grep PermitRootLogin /etc/ssh/sshd_config Note 4: If the value of the PermitRootLogin is no, then try logging in with another user. Or, set the value in /etc/ssh/sshd_config to yes. After that, you need to restart SSH, and try logging in as root again.

SWAP memory is used to help RAM, once it cannot store any more data. The data which cannot be stored in RAM is then stored to SWAP memory in the hard disk. In this article, we will provide the basic steps on how to modify and increase SWAP memory in our KVM virtualization Linux VPS packages. In general, there are different opinions on how much SWAP memory your server should have. It could be half of your RAM, the same amount or even more than RAM. In our article, we will assign 6 GB of SWAP to the server. Allocating SWAP Memory First thing you should do is to check if there is no SWAP memory in use on your server with the following command: free -h Your results will be printed in two lines: "Mem", "Swap", which will indicate, what the exact amount of RAM and SWAP memory is on the KVM server. The "Swap" line should only contain zeros. With the following command, we will allocate 6 GB of disk space for our SWAP memory: fallocate -l 6G /swapfile You can check if your SWAP memory was assigned with this command: ls -lh /swapfile At first, your SWAP may not be allocated due to permission issue and you might be seeing this message: -rw-r--r-- 1 root root 6.0G Dec 5 14:32 /swapfile This would suggest we have to make additional changes, first of which should be changing the permission of the swapfile: chmod 600 /swapfile After the change you can check the file permissions again: ls -lh /swapfile The results should change as well, comparing to the previous above: -rw------- 1 root root 6.0G Dec 5 14:36 /swapfile Now set the swapfile as Linux swap area: mkswap /swapfile Finally, enable SWAP usage: swapon /swapfile We can now check if the SWAP memory was allocated correctly: free -h Your results will print two lines again, just this time, you will see a line "Swap" having a variable of 6 GB. Additional Options In general, your SWAP memory allocation may stop working after you reboot the KVM server, so in order to save these changes permanently, we have to edit /etc/fstab. But first, we would recommend making a backup of this file: cp /etc/fstab /etc/fstab.old Once the backup is done, we have to make the changes to the actual file: echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab There are few extra options for SWAP memory, which we would like to address as well: Option - swappiness, is used to describe when the system will move data to the SWAP file. The option may have a value from 0 to 100. Closer to 0, means that your data will be moved to SWAP only when it will be necessary. Closer to 100 means that, data will be moved to SWAP more often, therefore leaving RAM memory more free. We would recommend keeping this option closer to 0, for example, 10. You can check the current value with the following command: cat /proc/sys/vm/swappiness Option - vfs_cache_pressure, this option sets how often the information about the file system is updated. By default, it should be 100, but we would recommend using a lower value, for example, 50. The current value can be checked with this command: cat /proc/sys/vm/vfs_cache_pressure Both of the additional options can be edited at the file /etc/sysctl.conf by adding the following line at the bottom of the file: vm.swappiness=10 vm.vfs_cache_pressure=50 If any questions remain, please contact our customer support, we will be glad to help.

If your server appears pretty slow, there could be many things wrong such as poorly written scripts - but sometimes it could be because someone is flooding your server with traffic known as DoS (Denial of Service) or DDoS (Distributed Denial of Service). It could also be that your server itself is part of a botnet and is being used to attack other networks. In this case, it is always a good idea to run scans with software such as ClamAV and RootKit Hunter as a precaution. Furthermore, whenever a client connects to a server via a network, a connection is established and opened on the system. On a busy high-load server, the number of connections connected to the server can be hundreds if not thousands. Find out and get a list of connections on the server. Take a look at these handy netstat commands below that will surely help you determine whether your under attack or are part of an attack. netstat -na Displays all active Internet connections to the server and only established connections are included. netstat -an | grep :80 | sort Shows only active Internet connections to the server on port 80 and sorts the results. This is useful in detecting a single flood by allowing you to recognize many connections coming from one IP. netstat -n -p|grep SYN_RECV | wc -l This command is useful to determine how many active SYN_RECV are occurring on the server. The number should be pretty low, preferably less than 5. On DoS attack incidents or mail bombs, the number can jump pretty high. However, the value always depends on the system, so a high value may be average on another server. netstat -n -p | grep SYN_RECV | sort -u Lists all IP addresses involved. netstat -n -p | grep SYN_RECV | awk '{print $5}' | awk -F: '{print $1}' Lists all the unique IP addresses that are sending SYN_RECV connection statuses. netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n Uses the netstat command to calculate and count the number of connections each IP address makes to the server. netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n Lists the number of connections the IP's are making to the server using the TCP or UDP protocol. netstat -ntu | grep ESTAB | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr Checks on ESTABLISHED connections instead of all connections, and displays the number of connections for each IP. netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1 Shows a list of IP addresses and the number of connections that are connecting to port 80 on the server. Port 80 is used mainly by the HTTP protocol.

LCwHost Ltd support department receives a lot of questions about how to optimize the Apache service. This article introduces basic, simple and yet effective ways to optimize Apache service according to VPS resources. By default, Apache "prefork" module is used. When this module is in use, one process serves one query. Those processes must be defined in strict numerical values to avoid VPS resource allocation to Apache only. For traditional Apache optimization, there are four variables used by Apache: • StartServers: number of child server processes created at startup; • MinSpareServers: minimum number of idle child server processes; • MaxSpareServers: maximum number of idle child server processes; • MaxClients: maximum number of connections that will be processed simultaneously. We can calculate optimal values for those variables: • StartServers: RAM/128; • MinSpareServers: RAM/256; • MaxSpareServers: RAM/64; • MaxClients: RAM/32. • RAM: your server total Random Access Memory value; Practical example in VPS plan with 4 GHz CPU | 4 GB RAM | 50 GB storage | 4 TB bandwidth: • StartServers: 4096/128=32 • MinSpareServers: 4096/256=16 • MaxSpareServers: 4096/64=64 • MaxClients: 4096/32=128 Variables must be set in the Apache server configuration file. To edit this file, execute the following command: nano /etc/httpd/conf/httpd.conf Find the variables described above and change them according to the formula. If you can not find the variables, at the end of the file, add the following lines with your optimized limits being set: </IfModule> KeepAlive Off <IfModule prefork.c> StartServers 32 MinSpareServers 16 MaxSpareServers 64 MaxClients 128 </IfModule> After modification, do not forget to restart apache server: service httpd restart

Setup of email server in Linux is simple, but your job does not end there. Customer had experiences where mail gateway has been misconfigured and has caused open relay for a spammer attack. Always pay extra careful attention when you deal with related internet services such as web and email. 1. MX record The Mail Exchanger (MX) is critical to email related information in your DNS. The MX record tells the internet email servers how to handle the your email routing. If you host your own DNS server, please remember to add a MX record. You can perform a simple MX record test. Please change your internal dns server to an external dns server. 2. IP address Use the mail security tool below to check your IP status: http://www.mxtoolbox.com/SuperTool.aspx 3. Secure Mail Test tool http://www.checktls.com/index.html 4. Reverse DNS Usually anti-spam applications check if you have a valid reverse DNS IP. If you are sending mail from a non reverse DNS IP mail server, your 'mail reputation' will be lower than those who have a valid reserve IP. You might not see the impact instantly, however, since it might have a consequence in the long run such as sending valid bulk emails that might get your IP blacklisted or dropped. 5. SPF DNS Record Most anti-spam application / gateway applies a Sender Policy Framework (SPF) checking. This is an additonal layer of spam filtering, where it checks if the mail is genuinely from a domain. It is advised to include SPF record in your DNS.