FAQ - Your questions? We got answers!
First access to a server with Windows operating system
There are some steps you should always take for security reasons when you first log in to a new server. The two most important actions to take are changing the root password and creating a new user. Here are the instructions to perform these simple but important operations.
1. Change the password
After the first activation, the root password to access the server is the default password, automatically assigned by the system and found on the server management page in the Control Panel. To change it to one of your choice:
– log in to the server using the Administrator account
– go to Start > Control Panel, then double-click User Accounts
– under User Accounts, go to Change User Account, and then click Change password
– in Change password, go to Current password, then type the current password
– in New password enter the new password you want to set
– in Confirm new password enter the password you chose again
– in Enter password hint enter a word or a phrase that will help you remember the password you have just set
– click on Change password to end the procedure.
2. Create a new user
After changing the server password as described above, proceed with the creation of a new user; the instructions for Windows systems are described in detail by Microsoft in the tutorial: Create a new user account.
Meltdown & Spectre Hardware Vulnerability
Meltdown & Spectre are two industry-wide hardware-based security vulnerabilities disclosed in recent days. Keeping customers secure is always our top priority and we are taking active steps to ensure that no customer is exposed to these vulnerabilities.
We are accelerating the planned maintenance timing and will begin automatically rebooting every Virtual Server (VPS) on our platform in order to apply this patch to our infrastructure.
From Thursday January 18th, your virtual server (VPS) may be restarted so that security patches can be applied.
How to migrate data with Parallels Plesk (Linux Server)
If a server (source or destination) is protected by a firewall, the firewall must be configured to allow data exchange between the servers by permitting TCP connections to port 22 (SSH). Enabled by default.
– Log in to the Parallels Plesk panel of the destination Server.
– Go to Tools & Settings> Migration & Transfer Manager located in the Tools & Resources group.
– Click on Synchronize to check if there are updates available for the components of Migration and Transfer Manager.
– Click on Start New Migration.
– Leave the Transfer data from another server option selected, then enter the following data: the source server address and port number (specify the IP address or, alternatively, the host name of the server from which you want to transfer), and the user name and password of the source server administrator.
– Specify whether you want to transfer all data related to user accounts, domains and configuration services from the source server, or only specific elements.
– If there are already some objects on the source server panel (for example user accounts, domains, etc.), you can replace them by selecting the Replace existing objects option.
– To reduce the amount of disk space, bandwidth and time required for data transfer, activate the Use rsync transport option.
– Click on Next. The Migration & Transfer Manager will connect to the server you have indicated and will start collecting information on the elements of the source hosting platform.
– If you have chosen to transfer only certain specific elements, at this point you need to select the checkboxes corresponding to the user accounts and domains you wish to transfer. It is also necessary to specify which types of data must be transferred: all settings and contents; all settings and contents except for mail; or only email accounts that contain emails.
– Click on Next.
– After the data has been retrieved from the source server, specify the new IP address to be used.
– Click on Next to start the data transfer.
Configure Varnish Cache for WordPress in Plesk Onyx
When a WordPress site receives a lot of traffic, page response times may slow down and the site may perform poorly. In addition, the virtual or dedicated server hosting the WordPress instance ends up with a high CPU load. In this case “Varnish Cache” could be for you, as it is able to serve repeated content from its own cache without requesting it from the Apache web server.
This step-by-step guide explains how to configure Varnish Cache in a Docker container on a Dedicated or Virtual Server with the Plesk Onyx control panel, and how to test the performance of WordPress or another CMS before and after using Varnish Cache.
Why install Varnish in a Docker container
Docker containers allow you to host instances of operating systems, application pools or individual services in a simple way. Thanks to them, it is not necessary to install the application directly on the production server: you just launch, as in our case, a “ready to go” image of Varnish, or of the application you want to use, to get an environment completely independent of the underlying operating system. If there is a configuration error in the container, it is sufficient to remove it and recreate it in a few seconds.
How to activate Varnish in Plesk
By default, Plesk uses the Nginx web server as a reverse proxy for the Apache web server. This means that Nginx remains “listening” on port 80 (443 for HTTPS) and Apache remains “listening” on the internal port 7080 for HTTP and 7081 for HTTPS. We are going to place the Varnish container between these two web servers; in this way Varnish will take the requests from the Nginx web server and the content from the Apache web server.
Practical tips for server security with Linux system
Anyone who runs a server hopes never to be under attack, but breaches can happen, so we have gathered here some suggestions to protect your server, as well as some advice on what to do in case of an attack.
Let’s start with some security advice and procedures:
1. Choose complex passwords
Prevention starts during the installation procedure, when it is necessary to choose a root password of high complexity. For example, P@ssw0rd is not a secure password; its complexity counts for nothing for security purposes.
In case of need you can use the tool for generating complex passwords on http://www.safepasswd.com/
2. Never leave your passwords unattended
Do not leave your password where someone can see it, and remember to deactivate your browser's option to store your data: it is easy to break into a computer, and leaving your passwords in memory can be very dangerous.
3. Install antivirus software on your computer
Keyloggers are viruses that can record keystrokes typed on the computer keyboard; in this way it is possible to “read” the passwords and forward them to hackers who can abuse them. Make sure you have antivirus software installed on your computer, to prevent the installation of keylogger programs.
4. Make sure that the applications on your server are accessible only to users you have authorized
The presence of applications accessible to anyone who can access your computer (authorized or not) can result in abuse.
An example: if only certain users are allowed to access via FTP or SSH, make sure that applications are protected from access through other IPs.
5. Perform regular scans for rootkits, viruses, etc.
Monitor the server using a watchdog application. If you notice that some applications are causing problems that cannot originate from your websites, this can mean that there are problems on the server.
Please note: a watchdog application will also be useful to inform you of server components that are not up to date; updates are always recommended, unless the applications you are using require specific versions of the components.
6. Care of contents
a. Delete unnecessary files: make sure you never publish online documentation, readme, changelog or other information that is sufficient to uniquely identify you on the network and that can make it easy for hackers to access websites and data.
b. Manage and configure the rights you assign to applications in a careful and accurate way
Quite often files and applications are uploaded with chmod 777. This means that anyone who can access the files will be able to read, write or execute them; unless this is necessary, restrict the rights so that only authorized users can access the files.
c. Save sensitive data in a secure format, for example in a database
Unfortunately, many people still use simple text files to store sensitive data; however, these files are not encrypted and if they end up in the hands of hackers they can be used for any kind of unwanted actions.
d. Make sure that the content you post cannot be abused
Content can be used to launch attacks on other servers, so be sure to protect it effectively. One thing that happens very often is (My)SQL injection: to learn more, we suggest you visit http://it.wikipedia.org/wiki/SQL_injection
e. Free software is not always free
Free versions of paid web applications are often available on the Internet. Equally often, however, these applications contain code that is used to access protected data.
7. Always back up your data
If you experience problems with your server you may need to reinstall it or migrate to a new machine; the fastest way to get everything online is to have a data backup available. Remember that it is always good to save the backup somewhere other than the server.
As a general rule, therefore:
keep the system up-to-date and take no risks, protect your server and your work!
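For tip 6b, one way to find and correct content that was uploaded with chmod 777. This is an added example, not part of the original FAQ; the function names and the constructed sample tree (httpdocs, uploads, form.php) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (hypothetical function names): audit a web root for
# world-writable entries, the usual result of uploading with chmod 777.

# Print every regular file and directory that "other" may write to.
# Symlinks are skipped because their own mode bits are not enforced.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Number of world-writable entries; 0 means the tree is clean.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d '[:space:]'
}

# Drop write access for "other" only (777 -> 775, 666 -> 664), leaving the
# owner, group and execute bits alone so the site keeps working.
tighten_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree: one correctly protected file plus an upload
# directory and a script that were both set to 777.
make_demo_tree() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/httpdocs/uploads"
    printf 'ok\n' > "$d/httpdocs/index.php"
    printf 'ok\n' > "$d/httpdocs/uploads/form.php"
    chmod 755 "$d/httpdocs"
    chmod 644 "$d/httpdocs/index.php"
    chmod 777 "$d/httpdocs/uploads" "$d/httpdocs/uploads/form.php"
    printf '%s\n' "$d"
}
```

Run list_world_writable on the real document root first and review the output before calling tighten_world_writable; a directory the application must write to is better served by a dedicated owner or group than by access for everyone.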
Recovering a compromised server
Attacks by hackers are very common events; here are some instructions on what you can do to prevent them on your server.
1. The root password has been changed
You can use the Server Recovery mode (Recovery Mode option on your Control Panel) if the root password has been changed.
Please note: when the server is in Recovery Mode, all websites, mailboxes etc. are not available.
2. The Plesk password has been changed
(Only if you have installed the Plesk management panel)
If both passwords have been changed (root and Plesk), change the password first
What to do if a Windows Server fails to restart
If the server is not available again, please wait at least 5/10 minutes: a hard disk check by the operating system may be in progress. This is a normal automatic procedure, performed on a regular basis.
1. Nothing happens yet?
Run a check for hardware problems:
Enter your Control Panel and access the Recovery Mode; the server will be started from a Linux live CD (so you can access it only in SSH mode from the terminal).
You will find the user name and password to access the server in Control Panel.
Note: The recovery mode is an advanced mode and it is advisable to carry out the following operations only if you have adequate technical skills.
Once the server has booted into Recovery Mode, run a check to look for errors on the hard disk.
2. Check for errors on the hard disk.
To check for errors and possibly try to repair them automatically you need to install the ntfs package, which you can get by typing in a terminal window:
apt-get install ntfsprogs
After installing the ntfs package, run a disk check to look for file system errors and try to repair them automatically by typing in the command line:
ntfsfix /dev/sdXY
As soon as the operation is complete, you can restart the server by typing in the terminal:
shutdown -r now
It will take a bit longer to boot up than usual as Windows will perform the disk check as required (remember that larger disks take longer).
3. Make a backup of the hard disk
If you are using Plesk, the contents of your domain are in C:\inetpub\vhosts\
If you are not using Plesk, consult the manual of the panel you are using (if you use one).
Back up your content and create a compressed file of the vhosts folder: to begin with, mount the disk in recovery mode by typing in the terminal:
# mount -t ntfs-3g /dev/sdXY /[mountpoint]/
If you get an error at this point, it means you still have to install the ntfs package; type in the terminal:
# apt-get install fuse fuse-ntfs-3g
Type the command again to mount the disk in recovery mode:
# mount -t ntfs-3g /dev/sdXY /[mountpoint]/
[mountpoint] is a placeholder for the mount directory used in the next steps; you can use, for example, mnt.
/mnt is a default mount point.
Then proceed by typing in the terminal:
cd /[mountpoint]/inetpub/
tar zcvf vhostsbckup.tar.gz vhosts
The databases are located in
C:\Program Files (x86)\Parallels\Plesk\Databases\MySQL\data
cd /[mountpoint]/Program\ Files\ \(x86\)/Parallels/Plesk/Databases/MySQL/
tar zcvf databases.tar.gz data
After your contents and databases have been saved, store the compressed files on your PC’s hard drive via a secure FTP connection; for this operation you can use programs like Cyberduck (for Mac) or WinSCP (for Windows).
Once these files are saved, you can proceed to reinstall the operating system from your Control Panel.
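Because reinstalling the operating system destroys the original data, it is worth checking the two archives from step 3 before leaving Recovery Mode and again after downloading them. The helper below is an added example, not part of the original FAQ; its function names are assumptions and it relies on gzip, tar and sha256sum being present on the recovery system.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names): sanity-check a backup archive
# before the reinstall destroys the only other copy of the data.

# verify_archive ARCHIVE TOPDIR
# Returns 0 only if the file is non-empty, the gzip stream is intact, the tar
# index is readable, and every member sits under TOPDIR (vhosts or data).
verify_archive() {
    local archive=$1 top=${2:-} listing
    [ -s "$archive" ] || { echo "missing or empty: $archive" >&2; return 1; }
    gzip -t "$archive" 2>/dev/null \
        || { echo "damaged gzip stream: $archive" >&2; return 2; }
    listing=$(tar tzf "$archive" 2>/dev/null) \
        || { echo "unreadable tar index: $archive" >&2; return 3; }
    [ -n "$listing" ] || { echo "archive has no members" >&2; return 4; }
    if [ -n "$top" ] && printf '%s\n' "$listing" | grep -Eqv "^${top}(/|\$)"; then
        echo "unexpected member outside $top/ in $archive" >&2
        return 5
    fi
    return 0
}

# Write ARCHIVE.sha256 next to the archive, using the bare file name so the
# same checksum file can be checked after download on another machine.
write_checksum() {
    ( cd "$(dirname "$1")" \
        && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# Re-check the archive against its .sha256 file; non-zero means it changed.
check_checksum() {
    ( cd "$(dirname "$1")" && sha256sum --status -c "$(basename "$1").sha256" )
}
```

Typical use is verify_archive vhostsbckup.tar.gz vhosts and verify_archive databases.tar.gz data, followed by write_checksum for each; download the .sha256 files together with the archives and compare the hashes on your PC before starting the reinstall.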
4. Windows recovery
To restore domains from the newly created manual backup, you must first re-create those domains in the new Plesk installation, preferably using the same FTP username.
Then recreate the databases, also using the same username previously used for each of them.
Do not worry if you do not remember the FTP or database username; the operation will still be successful.
Once you have re-created domains and databases, proceed to restore your contents by uploading the backup files to the server Desktop (still using WinSCP or Cyberduck) and unzip them.
To unpack a tar.gz file you can use the 7-Zip or WinRAR utility.
After unpacking the vhostsbckup.tar.gz backup, navigate in File Explorer to C:\inetpub\vhosts
Then copy the domains from the backup vhosts folder and paste them into C:\inetpub\vhosts\
ATTENTION: copy ONLY the directory of the domain names; DO NOT copy the whole vhosts folder.
Then continue by unpacking the databases.tar.gz backup. You will recognize the databases by their names.
For example, if you have a database named Mydb1, copy it and paste it in
C:\Program Files (x86)\Parallels\Plesk\Databases\MySQL\data
ATTENTION: copy ONLY the database folder (Mydb1); DO NOT copy all the folders.