About Liquid Web

A Leader In Managed Hosting since 1997

Our Heroic Support technicians are located on-site at each of our data centers.
Liquid Web Knowledge Base
Billing + Manage
Featured Articles
Technical Support
account management apache apf apple backups bandwidth billing command line cpanel dig dns email exim firewall ftp httpd_conf linux load mac mail.app manage management monitoring mysql name servers network optimization permissions plesk remote desktop security server sonar ssh ssl storage storm system tools tutorial whm whois windows wordpress zone file

Knowledge Base


Administering LiteSpeed Web Server in cPanel
Filed under: Technical Support

If you are used to administering Apache on a cPanel server, administering the faster Litespeed webserver is not that much different. Litespeed transparently takes over for Apache; any configuration changes that you would normally make in an Apache configuration file or .htaccess files is still made in those files. In fact, once Litespeed is installed you can administer your cPanel server like you normally would. The few changes you would want to make to Litespeed directly can be done through your server’s Web Host Manager (WHM).

(more…)

Related Articles




WordPress ModSecurity Rules
Filed under: Technical Support

WordPress is a popular publishing platform which is known for its robust features, numerous templates, and large support community. Unfortunately, due to such popularity, WordPress is also constantly subject to attempts at exploiting vulnerabilities. Ensuring WordPress and any associated plugins are installed with the most current versions is an important means of securing your site. However, ModSecurity provides a significant amount of further security by providing an application firewall.

ModSecurity (also known as “modsec”) has proven itself useful in a variety of situations, and again this is true in assisting with WordPress brute force attempts resulting in a Denial of Service (DoS) attack. While a number of WordPress plugins exist to prevent such attacks, custom modsec rules can prevent such attacks for all WordPress installations on a server. Modsec immediately filters incoming HTTP requests, which assists against taxing server resources.

These rules will block access for the offending IP address for 5 minutes upon 10 failed login attempts over a 3 minute duration. These rules have been automatically updated in the custom rules for Liquid Web’s ServerSecure service. For customers without ServerSecure, these rules can be added to their custom modsec rules. To accomplish this, edit your custom modsec user rules and append the file with the rules provided below. For CPanel servers, this file is likely located at /usr/local/apache/conf/

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000134
<Locationmatch "/wp-login.php">
# Setup brute force detection.
# React if block flag has been set.
SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'"
# Setup Tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</locationmatch>

Courtesy of Frameloss.org

Related Articles




Automating DNS With Zone Delegation and the Storm API
Filed under: Technical Support

Although the term DNS zone delegation may seem new to you, you have been using zone delegation without even realizing it. When you tell your domain’s registrar what nameservers you are using for a particular domain, you are delegating the zone for that domain.

Single zone delegation will work for most people. In fact, most use a single zone file to reference multiple hosts, or multiple subdomains residing on a single host. However, there are cases where where it may be beneficial to perform additional delegation.

(more…)

Related Articles




Creating an Auto Responder in cPanel
Filed under: Technical Support

The Auto Responder functionality allows for cPanel to send a pre-made response to e-mails that are received by a given e-mail account. This is extremely useful for when someone is away from their e-mail for an extended period of time and they want to convey that to other users.

(more…)

Related Articles




Be Nice To Your Server: Setting Process Priorities
Filed under: Technical Support

In a vast majority of cases, Linux does a fantastic job of automatically scheduling processes. The more urgent processes are given a higher priority, and the less urgent processes a lower priority. In rare circumstances, the scheduler might not prioritize processes as you would like. For example, backup processes could be taking up resources that you would rather be used serving web pages. If you would like to regain a bit control over process priorities, the nice and renice commands will give you some.
(more…)

Related Articles




How To: Automate Server Scripts With Cron
Filed under: Technical Support

Servers can automatically perform tasks that you would otherwise have to perform yourself, such as running scripts. On Linux servers, the cron utility is the preferred way to automate the running of scripts.
(more…)

Related Articles




How To: Update Ruby On Rails (to Fix a Security Vulnerability)
Filed under: Technical Support

Ruby on Rails has of this writing released patches for a critical security vulnerability affecting nearly all versions of Rails. It is critical that your Rails applications be updated to one of the following versions:

  • 3.2.11
  • 3.1.10
  • 3.0.10
  • 2.3.15

If you have a cPanel server, make sure you have cPanel’s daily updates running. cPanel versions 11.35.0.4, 11.34.1.7, 11.32.5.18, and 11.30.7.6 include the updated versions of Rails. If you are running Rails on a core-managed server, you will need to update Rails yourself. Here’s how.
(more…)

Related Articles




Using High Performance Block Storage
Filed under: Technical Support

High Performance Block Storage (HPBS) provides additional hard drive space for your Storm Server with just a few clicks. The space is not pre-formatted; rather, it is a raw block device. The simplicity of providing a raw block device on the cloud means that you can mount and format the space on your server however you would like, with whatever filesystem is appropriate for your needs. This does entail a small amount of work getting the space into a usable state.

(more…)

Related Articles




How To: Watch Server Logs in Real Time
Filed under: Technical Support

Servers do a fantastic job of writing down in log files what is happening right that moment. While going back and reading logs later to determine what happened in the past is helpful, it is also useful to watch logs in real time. Linux provides a command line tool that lets us do just that: tail.
(more…)

Related Articles




When Mod Security Attacks
Filed under: Technical Support

One component of Liquid Web’s Server Secure service is an Apache module called Mod Security (often shortened to just “modsec”). Modsec monitors all incoming HTTP requests for malicious behavior, and does not complete requests that meet certain criteria. These criteria are spelled out in what are called “rules” or “rulesets”.

In an ideal world, only malicious requests would be caught in modsec’s trap. Unfortunately, there are some instances where legitimate requests are stopped as well. How do we determine that this is what happening, and what can we do about it?
(more…)

Related Articles




Previous entries
Page 1 of 1512345...10...Last »

Copyright © 2011 Liquid Web, Inc. All Rights Reserved.