The mod_security plugin could not connect to the database. Please verify that MySQL is running. Error: Can’t connect to local MySQL server through socket ‘/tmp/mysql.sock’ (2) – Solution

If you’re getting following error while accessing mod_sec from WHM, here is the quick solution for this.

The Mod Security plugin could not connect to the database. Please verify that MySQL is running. Error: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
Login to your WHM with root access.
Go to Service Manager from left menu.
See if MySQL Service is enabled and being monitored.
Check the boxes if unchecked.

Now access Mod Security from WHM. It should be working fine now.

Feedback are appreciated 🙂

Checking Bash Vulnerability and Fixing it

There has been a critical vulnerability found in Bash. The vulnerability affects Linux/Unix distributions that use or have Bash installed. For additional information on this vulnerability please visit the following link:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

We advise all our clients to keep their servers & software updated constantly to make sure their servers are at minimal risk of potential vulnerabilities. For this particular vulnerability we recommend reading the following links and taking action as soon as possible:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://access.redhat.com/articles/1200223

To test if your version of Bash is vulnerable, run the following command:

$ env x='() ; echo vulnerable' bash -c "echo this is a test"

If the output of the above command looks as follows:

vulnerable
this is a test

You are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function.

If you run the above example with the patched version of Bash, you should get an output verifying you are not vulnerable:

$ env x='() ; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

To fix this issue just update your bash by following command:

yum update bash -y

Now check bash again:

$ env x='() ; echo vulnerable' bash -c "echo this is a test"

It should return :

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

OR

this is a test

Copy and Paste is not working on my Remote Desktop Connection?

What do i do when clipboard stops working?

Luckily fixing the issue is pretty straightforward and involves a few simple steps.

Load up task manager (right click taskbar and select Task Manager)
Go to the Processes Tab
Select rdpclip.exe
Click End Process
Go to the Application Tab
Click New Process
Type rdpclip
Click Ok

Thats all, copy and paste should now work normally again.

Check your server for openDNS relay (DNS recursion)

You can check your dedicated/vps server for open dns relay by following below methods. It tells you if your server allows dns recursion or not. Follow these steps:

Login to your server via ssh with root login details

Execute following commands:

dig @yourServerIP google.com

if it returns ANSWER:0 that means there is no recursion allowed on the server. Otherwise recursion is allowed on the server.

I.E:

;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 37803
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

Above output shows NO RECURSION (ANSWER: 0)

Get real IP address of visitor for Cloudflare nGinx solution

When you have setup your web sites on cloudflare, every visitor who visits your web site passes through cloudflare network so that his real IP gets changed into cloudflare’s IP address, in short cloudflare acts as proxy server for your web server.
For apache web server, cloudflare has already provided a module which can be installed to get real ip address of visitor.

Here it is :

https://support.cloudflare.com/hc/en-us/sections/200038166-How-do-I-restore-original-visitor-IP-to-my-server-logs-

Well they do not provide any module for nGinx, however it is built in function in nGinx server. You can enable it by adding following below code into your nginx.conf

Follow below steps:

Find nginx.conf file if you do not know the exact location from SSH:

# locate nginx.conf

Add below code in nginx.conf under http section:

set_real_ip_from   204.93.240.0/24;
set_real_ip_from   204.93.177.0/24;
set_real_ip_from   199.27.128.0/21;
set_real_ip_from   173.245.48.0/20;
set_real_ip_from   103.22.200.0/22;
set_real_ip_from   141.101.64.0/18;
set_real_ip_from   108.162.192.0/18;
real_ip_header     CF-Connecting-IP;

Now save changes and restart your nginx server

service nginx restart

That is all, now you will be able to get real ip address of the visitor.

Comments are welcome.

How to disable DNS recursion on kloxo

Here is the quick code to disable DNS recursion on kloxo based server:

Login to SSH with root credential

Find the “named” configuration file:

# locate named.conf

For chrooted system:

Output : /var/named/chroot/etc/named.conf

Edit the file named.conf

# nano /var/named/chroot/etc/named.conf

In updated Kloxo following is the options file:

# nano /var/named/chroot/etc/global.options.named.conf

Add following code at the end of named.conf file and save changes by CTRL+O:

options {allow-recursion {127.0.0.1; };};

Exit from text editor (For nano)

CTRL+X

Restart named services:

service named restart

That is all : )