
FreeBSD Plesk Tips (7.5.x)

jshanley

Guest
Original thread for 7.1.x here for Plesk 7.1.x on FreeBSD. The paths for Horde webmail have changed since 7.1.x, so I probably need to fix that up in the tips, below. Thanks goes out to everyone who posted suggestions/tips in the previous thread.

Don't forget to patch your Plesk server with the hotfixes! This will patch some security vulnerabilities, and fix some bugs. (Hotfix Page)

Hotfix list updated: Dec 20th 2005.

Plesk 7.5.4 on FreeBSD 5.3: Hotfixes: 1 2 3 4 5

Plesk 7.5.4 on FreeBSD 4.9: Hotfixes: 1 2 3 4 5


Improving SMTP speed/performance

Note: They may have fixed this in 7.5.x, but I haven't installed 7.5 on a clean system recently, so I don't remember. I'm leaving this here just in case.

Improving SMTP response time (connections):

By default, Plesk on FreeBSD is pretty slow at establishing SMTP connections. This is because it defaults to doing reverse-dns lookups for all SMTP connections, for no good reason. This can slow down your mail sessions significantly (the default timeout on the reverse DNS lookup is 26 seconds.. per connection, which means if there is no reverse-dns for the mailserver trying to connect to you, it will wait 26 seconds before letting the connection continue). We want to change this behaviour so it instantly connects all SMTP sessions.

Edit /etc/inetd.conf and scroll down to the bottom. The two lines you're looking for start with "smtp" and "smtps".

Here is a short example of what it looks like:
smtp stream tcp nowait root /usr/local/psa/qmail/bin/tcp-env tcp-env /usr/local/psa/qmail/bin/relaylock ( ... etc)

What you want to do is insert -Rt0 after the second "tcp-env" on both of these lines. Here is an example:

smtp stream tcp nowait root /usr/local/psa/qmail/bin/tcp-env tcp-env -Rt0 /usr/local/psa/qmail/bin/relaylock
smtps stream tcp nowait root /usr/local/psa/qmail/bin/tcp-env tcp-env -Rt0 /usr/local/psa/qmail/bin/relaylock

After doing this, kill and restart inetd for the changes to take effect.

Improving default bounce behaviour:

By default, Plesk does not handle double-bounces gracefully. We want to throw away double bounces (bounces that cannot be delivered). We can do this with:

echo "#" > /usr/local/psa/qmail/control/doublebounceto

Increasing the number of concurrent deliveries:

By default, Plesk limits mail to 10 local deliveries at a time, and 20 external deliveries at a time. This is usually insufficient for most hosts, so you can change that behaviour by increasing both to, say, 25. Note: It is best to adjust this according to your own server specs and your needs. For example, if you're running on a slow system with low ram, you probably don't want to increase this... etc.

echo "25" > /usr/local/psa/qmail/control/concurrencylocal
echo "25" > /usr/local/psa/qmail/control/concurrencyremote

After creating these files, restart the qmail service.

TODO: Fixing & Improving SpamAssassin Performance

The file /etc/sysconfig/spamassassin comes as:
SPAMDOPTIONS="-d -u qmailq -c -H /var/qmail"

where the options are:
-d daemon
-u run as user...
-c create users' preferences files
-H work directory...

But it can be improved with:
-x (server, don't check users' files)
-q (users' prefs stores in sql db)
-L (local, don't perform dns checks)
-m10 (10 children)

so, a very fast and light (but not powerful) config would be:
SPAMDOPTIONS="-d -u qmailq -x -L -m5 -H /var/qmail"

It's important to add the -m10 or -m5 flag, because by default SpamAssassin is not limited - it can spawn 1,000 copies if you're not careful (bringing your server to its knees). So I always limit the number of spamassassin copies that are allowed to run at once.

TODO: Accelerating the Admin Interface

Haven't tried this on 7.5.x, as the web interface performance increased dramatically between 7.1.x and 7.5.x already. I'll try this later using APC or eAccelerator.

Fixing Webmail Bugs

Note: The path to webmail files has changed since 7.1.x, I still need to change this tip to reflect that.

When a user uses the "Password" button/icon in webmail, it stupidly says "Changing password on Example poppassd server". Note: I think they fixed this on 7.5.x, I'll have to check one of my old servers, just in case. I'll leave the tip here until I verify.

Edit: /usr/local/psa/home/vhosts/webmail/horde/passwd/config/backends.php
change the line that says
'name' => 'Example poppassd server', ... to:
'name' => 'this server',

Note: The path to webmail files has changed since 7.1.x, I still need to change this tip to reflect that.

When a user uses the "Password" button/icon in webmail, it shows them just the first part of their username instead of the full [email protected] address as their username. So, changing their password doesn't work.

Edit: /usr/local/psa/home/vhosts/webmail/horde/passwd/config/conf.php

Find the line that says:

$conf['hooks']['default_username'] = false; ... and change it to
$conf['hooks']['default_username'] = true;

Now, create a new file called:

Note: The path to webmail files has changed since 7.1.x, I still need to change this tip to reflect that.

/usr/local/psa/home/vhosts/webmail/horde/config/hooks.php

In this file, paste the following

Code:
<?php
/**
 * Horde Hooks configuration file.
 **/

if (!function_exists('_passwd_hook_default_username')) {
    // Return the user ID exactly as it was passed in.
    function _passwd_hook_default_username($userid)
    {
        return $userid;
    }
}

/** DO NOT PLACE A ?> AT THE END OF THIS FILE **/

Now users can use the Password button in Webmail, and it will work correctly.
 
Adding Spell Check to Webmail

First, install aspell or ispell from ports:

/usr/ports/textproc/ispell
/usr/ports/textproc/aspell

Note: The path to webmail files has changed since 7.1.x, I still need to change this tip to reflect that.


Edit: /usr/local/psa/home/vhosts/webmail/horde/imp/config/conf.php

Find the line:

$conf['utils']['spellchecker'] = ''; ... and replace it with something like
$conf['utils']['spellchecker'] = '/usr/local/bin/aspell';

Get rid of the "This message was sent through IMP" on webmail messages

# Get rid of the "This message was sent..." at the bottom of webmail messages

Note: The path to webmail files has changed since 7.1.x, I still need to change this tip to reflect that.


# home/vhosts/webmail/horde/imp/config/conf.php
// Should we append the contents of imp/config/trailer.txt to the end
// of every message sent?
$conf['msg']['append_trailer'] = false;


Adding some additional features to Webmail - these will add the ability to view contents of zip/rar/tar files from webmail

Note: The path to webmail files has changed since 7.1.x, I still need to change this tip to reflect that.

/usr/local/psa/home/vhosts/webmail/horde/config/mime_drivers.php

# Fix the wrong location of TAR on BSD
- $mime_drivers['horde']['tgz']['location'] = '/bin/tar';
+ $mime_drivers['horde']['tgz']['location'] = '/usr/bin/tar';

# Install RAR (/usr/ports/archivers/rar), then change this line:
- // $mime_drivers['horde']['rar']['location'] = '/usr/bin/rar';
+ $mime_drivers['horde']['rar']['location'] = '/usr/local/bin/rar';
# ... and uncomment the rest of the "rar" block (the 6 lines below this one)

# do "which zipinfo" ; you should already have it installed. If not,
# You can install it by installing /usr/ports/archivers/zip from ports.
# Then uncomment this block to enable webmail to utilize it (and display zipfile info)

/* Location of the zipinfo binary. */
$mime_drivers['horde']['zip']['location'] = '/usr/local/bin/zipinfo';
$mime_drivers['horde']['zip']['inline'] = true;
$mime_drivers['horde']['zip']['handles'] = array(
'x-extension/zip',
'application/x-compressed',
'application/x-zip-compressed');
$mime_drivers['horde']['zip']['icons'] = array(
'default' => 'compressed.gif');

# Allow users to report spam through webmail (they need to open the actual mail to see the "report this message as spam" link though).
# It's up to you whether you want to give them this ability; there are upsides and downsides to this.

Note: The path to webmail files has changed since 7.1.x, I still need to change this tip to reflect that.

# /usr/local/psa/home/vhosts/webmail/horde/imp/config/conf.php

/**
** Spam Reporting
**/

// Should we display a "report this message as spam" link in the
// message view?
$conf['spam']['reporting'] = true;

// If so, should we report them via email?
// No.. actually, don't send an email to the admin
// $conf['spam']['email'] = 'postmaster@' . $GLOBALS['registry']->getParam('server_name');

// Should we report them via an external program?
$conf['spam']['program'] = '/usr/local/psa/spamassassin/bin/spamassassin -r';


Move deleted messages (in webmail) to the trash folder, instead of leaving them in the inbox and just crossing them out (it looks messy)... we change the "value" from 0 to 1 here.

Note: The path to webmail files has changed since 7.1.x, I still need to change this tip to reflect that.


/usr/local/psa/home/vhosts/webmail/horde/imp/config/prefs.php

// should we move messages to a trash folder instead of just marking
// them as deleted?
// a value of 0 = no, 1 = yes
$_prefs['use_trash'] = array(
'value' => 1,
'locked' => false,
'shared' => false,
'type' => 'checkbox',
'desc' => _("When deleting messages, move them to your Trash folder instead of marking them as deleted?")
);

FTP Connection Speed Tuning
Initial FTP connections are extremely slow for many people, once again because by default, Plesk does a reverse-dns lookup on client IPs before connecting them. This is useless and makes your server look like it's running slow. To fix this:

Edit the file:

/usr/local/psa/ftpd/etc/proftpd.include

... and add the following lines to it:

# start of proftpd.include. Do not include this line.

IdentLookups off
UseReverseDNS off
Quotas on
AllowStoreRestart on
AllowRetrieveRestart on
TimeoutNoTransfer 900
TimeoutIdle 1800

# end of proftpd.include. Do not include this line.

Hide the "tmp, usr, lib, var" folders when logging in via ftp, so users don't try to delete them, and then call asking why they can't delete these "useless" folders (yeah I'm serious)

# /usr/local/psa/ftpd/etc/proftpd.conf

<Directory ~>
HideGroup wheel
</Directory>

<Directory ~>
HideNoAccess yes
</Directory>

Installing Plone/Zope on Plesk:

Link

Changing the page title for the login screen and within the control panel.

cd /usr/local/psa/admin/htdocs/javascript
cp common.js common.js.orig
Open common.js with your text editor and at the top of the page add this:
document.title = '**WHAT EVER YOU WANT**';

Save the file, browse to your control panel and the browsers title bar should now reflect what you wanted for the title.




2 - "Changing password on this server"

I like best to see "Changing password on domain.com", it can be done by replacing:

$backends['poppassd'] = array(
'name' => 'poppasswd server',

with

$domain = substr($_SERVER['SERVER_NAME'], 8);
$backends['poppassd'] = array(
// 'name' => 'poppasswd server',
'name' => $domain,

in the file ...horde/passwd/config/backends.php


3 - Change the "Welcome to Horde" message at the login page to "Welcome to <domainname>"

This can be done in the file .../imp/login.php

By replacing $title = sprintf(_("Welcome to %s"), $registry->get('name', ($imp_auth) ? 'horde' : null));

with:

$domain = substr($_SERVER['SERVER_NAME'], 8);
$title = sprintf(_("Welcome to %s"), $registry->get('name', ($imp_auth) ? 'horde' : null) . " - " . $domain);
 
Continued...

Installing mod_security

Installing mod_security:

The most recent PHP vulnerabilities scared me, so I decided it was time to install mod_security. Note that these are just "basic" rules; you may want to browse the rules here for a nice extensive list. Note that lots of mod_security rules may slow down your server. Also, some rules are duplicated here and in the other rulesets at the above link, so you'll want to clean them up before integrating them.

# Credit for the original writeup goes to:
# http://www.eth0.us/mod_security
#
# Some modifications for FreeBSD 5.x


# http://www.modsecurity.org/download/index.html
fetch http://www.modsecurity.org/download...he-1.9.1.tar.gz

tar -zxvf modsecurity-apache-1.9.1.tar.gz
cd modsecurity-apache-1.9.1/apache2
/usr/local/psa/apache/bin/apxs -cia mod_security.c
# Back up current config as "httpd.conf-2005-12-03" or whatever.
cp /usr/local/psa/apache/conf/httpd.conf /usr/local/psa/apache/conf/httpd.conf-`date -j "+%Y-%m-%d"`

pico /usr/local/psa/apache/conf/httpd.conf

# At the end of all the other LoadModule lines, add:
LoadModule security_module libexec/mod_security.so

# At the bottom of your httpd.conf file, add:

####### MOD SECURITY RULES ##############
<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature "Apache"


# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog logs/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:403"

## ## ## ## ## ## ## ## ## ##
## ## ## ## ## ## ## ## ## ##

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
# SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

SecFilter "viewtopic\.php\?" chain
SecFilter "chr\(([0-9]{1,3})\)" "deny,log"

# Block various methods of downloading files to a server
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "/../../ "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
SecFilterSelective THE_REQUEST "arta\.zip "
SecFilterSelective THE_REQUEST "cmd=cd\x20/var "
SecFilterSelective THE_REQUEST "HCL_path=http "
SecFilterSelective THE_REQUEST "clamav-partial "
SecFilterSelective THE_REQUEST "vi\.recover "
SecFilterSelective THE_REQUEST "netenberg "
SecFilterSelective THE_REQUEST "psybnc "
SecFilterSelective THE_REQUEST "fantastico_de_luxe "
#Block BCC/PHP Spam
SecFilterSelective THE_REQUEST "bcc:|Bcc:|BCc:|BCC:|bCc:|bCC:|bcC:|BcC:"
# WEB-PHP phpbb quick-reply.php arbitrary command attempt
SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
SecFilter "phpbb_root_path="
</IfModule>

####### END MOD SECURITY RULES ##############
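
An offline false-positive check for a few of the rules above, as an added example (not part of the original post and not mod_security code). The Python matcher only approximates mod_security 1.9: case-insensitive regex matching, one round of URL decoding and empty values for absent headers are assumptions, and the sample requests are constructed.

```python
import re
import shlex
from urllib.parse import unquote

# Excerpt of the rules posted above, patterns copied verbatim
# (several end in a space, which matters for matching).
RULES = r'''
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
SecFilter "phpbb_root_path="
'''

def parse_rules(text):
    """Return a list of chains; each chain is a list of (variable, regex)."""
    chains, current = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)
        if tok[0] == "SecFilterSelective":
            var, pattern, actions = tok[1], tok[2], tok[3:]
        elif tok[0] == "SecFilter":
            var, pattern, actions = "REQUEST+BODY", tok[1], tok[2:]
        else:
            continue
        # Assumption: patterns are matched case-insensitively.
        current.append((var, re.compile(pattern, re.IGNORECASE)))
        if not any("chain" in a.split(",") for a in actions):
            chains.append(current)   # this rule closes the chain
            current = []
    return chains

def variable(req, name):
    """Resolve a rule variable against a request dict (absent header -> '')."""
    line = unquote(req["line"])      # assumption: one round of URL decoding
    if name == "THE_REQUEST":
        return line
    if name == "REQUEST_METHOD":
        return req["line"].split(" ", 1)[0]
    if name.startswith("HTTP_"):
        return req.get("headers", {}).get(name[5:].lower(), "")
    return line + "\n" + unquote(req.get("body", ""))   # plain SecFilter

def matching_rules(req, chains):
    """Return the patterns of every chain whose links all match the request."""
    hits = []
    for chain in chains:
        if all(rx.search(variable(req, var)) for var, rx in chain):
            hits.append(" + ".join(rx.pattern for _, rx in chain))
    return hits

# Constructed, benign requests a shared host could plausibly receive.
SAMPLES = {
    "plain page":         {"line": "GET /index.html HTTP/1.1"},
    "man page URL":       {"line": "GET /man/mkdir HTTP/1.1"},
    "doc with space":     {"line": "GET /docs/ftp%20setup.html HTTP/1.1"},
    "POST, no length":    {"line": "POST /contact.php HTTP/1.1"},
    "POST, with length":  {"line": "POST /contact.php HTTP/1.1",
                           "headers": {"content-length": "16"},
                           "body": "name=a&msg=hello"},
    "quick-reply, clean": {"line": "GET /forum/quick-reply.php?t=12 HTTP/1.1"},
}

def audit(samples=SAMPLES, rules=RULES):
    """Map each sample label to the rule patterns that would deny it."""
    chains = parse_rules(rules)
    return {label: matching_rules(req, chains) for label, req in samples.items()}

if __name__ == "__main__":
    for label, hits in audit().items():
        print(f"{label:20} {'DENY ' + repr(hits) if hits else 'pass'}")
```

Rules that deny a benign sample, such as the `mkdir ` and `ftp ` patterns here, are candidates for tightening before the ruleset goes live with `deny`.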
 
Upgrading to 7.5.4

Upgrading to 7.5.4 Tips

1) Update your ports tree.
2) install Perl 5.8.7 (required for Plesk 7.5.4):

cd /usr/ports/lang/perl5.8 && make && make deinstall && make install

3) Install needed Perl modules.

# cpan
<run through cpan configuration>

Here's a list that I use; some are used by SpamAssassin, some are used by others. Note: Text::Iconv is a -new- requirement for Plesk when using Perl 5.8.7

(from the CPAN command line):

cpan> install Getopt::Long File::Copy Digest::Nilsimsa URI::Escape Net::Ping Digest::MD5 Digest::SHA1 Digest::HMAC HTML::Parser HTML::Tagset IO::Stringy MIME::Base64 Mail::Internet MIME::Entity Net::DNS Time::HiRes Mail::Audit Mail::POP3Client Cwd File::Spec DB_File Term::ANSIColor Pod::Man Digest::BubbleBabble ExtUtils::MakeMaker Pod::Usage Net::SMTP Net::Ident Text::Iconv

4) Backup your Plesk installation.

5) Download Plesk 7.5.4 and install it FROM THE COMMANDLINE (not through the web interface).

6) Download and re-install the ioncube loaders IF you use any 3rd party products that require it (like the 4PSA products); the Plesk upgrade will remove the zend_encoder = <blah> line that used to be there.. PHP versions have changed, which is another reason to update the ioncube loader(s).

7) Check to see if syslogd is still running; when I upgraded, Plesk had killed it - so SpamAssassin wouldn't actually start. They may have fixed this bug by now. Anyway, if it's not running, restart it. Both times I did the upgrade on FreeBSD 5.3, it did NOT restart syslogd. You can tell because during the last part of the install, you'll see something like this:

Plesk: Apache server has been started
Plesk: Qmail has been started
psa: Courier-IMAP server has been started
Plesk: pgsql has been started

unix dgram connect: No such file or directory at /usr/local/psa/spamassassin/bin/spamd line 310
unix dgram connect: No such file or directory at /usr/local/psa/spamassassin/bin/spamd line 310
Plesk: SpamAssassin has been started


In reality, spamassassin was not started, because it couldn't open the logfile, because syslogd was not running.

Restart syslogd with:

# /usr/sbin/syslogd -ss

.. and then restart plesk

# /usr/local/psa/rc.d/psa restart

8) If necessary, restart the machine.

If you find any problems/bugs with the Plesk 7.5.4 update, it'd be good to post them here to make them easy to find.
 
Permissions Issues

BUG: Plesk has insufficient maximum mysql connections for mchk on Plesk 7.5.4 / FreeBSD, so sometimes (depending on the number of domains/mailboxes), running mchk will produce a "too many connections" error and quit.

FIX: Run mchk in daemon mode, or create /usr/local/psa/mysql/var/my.cnf and increase the maximum connections in the config file. An example of my.cnf would be:

[mysqld]
set-variable = max_connections=2500
 
MailMan

BUG: The Mailman web interface doesn't work after doing a restore. I don't know if the bug is there in 7.5.4 stock, or if it only came up after I did the restore - but either way ... if you can't get to your mailing list web interface on FreeBSD, do these two things:

# chmod +x /usr/local/psa/mailman/cron/*
# /usr/local/psa/mailman/bin/check_perms -f

Kinda funny that their check_perms script DOESN'T notice that all the files in the cron folder are not executable, but whatever. heh.
 
Has anyone here upgraded to PHP5 successfully with FreeBSD?
 
I've included this entire thread and started a forum for FreeBSD and Plesk on my own board so I can go back to my fixes as well as other peoples'. Of course I gave full credit to you as well as a link to this post for reposting on my forum.

http://noc.secondcitytech.com/

Thx
James
 
Firstly, hats off to jshanley for creating such a useful thread :D. Secondly, does anyone have any experience of doing a buildworld after Plesk is installed? Is it possible to keep up with the latest 5.3 Release patches using buildworld without breaking Plesk?
 
Originally posted by geeza
does anyone have any experience of doing a buildworld after Plesk is installed? Is it possible to keep up with the latest 5.3 Release patches using buildworld without breaking Plesk?

You're better off using freebsd-update instead; it gives you the patches without needing buildworld.

If Plesk breaks because of a security patch, you can undo your changes easily with "freebsd-update rollback".

You can also add a cron job to run it during the night and inform you of any new patches etc. on a daily basis. You can see exactly what is breaking Plesk and take appropriate measures.

Buildworld breaks plesk sometimes, but once is enough - and you can't undo it.

Just my opinion :)
 
Re: Continued...

Originally posted by jshanley
Installing mod_security


DO NOT USE modsecurity-apache_2.1.0 IT WILL FAIL YOUR PLESK TO START
 
DST 2007 Update script

If you're running FBSD prior to 5.5 or 6.2, the DST update is pretty easy, but if you haven't done it yet, here is a script that will take care of it for you...

http://marcus.digitalchicago.net/~jrprice/development/shell-util/dst2007/update_dst.sh

It will download the latest zoneinfo, run tzsetup, and then sync to time.nist.gov.

This is set up for North American users. For other countries, you may need to modify the country in the script.

Thanks,
James
 