SYCOUSA.COM log

LOG:
WP
Backup settings
https://linuxize.com/post/install-configure-fail2ban-on-debian-10/
apt install iptables
DA custom build – imagick, suhosin, opcache
service directadmin restart
https://www.youtube.com/watch?v=Cul5K34N2nw Installing Avada
Install addons
wp-config.php -> set_time_limit(300);
DA user PHP settings -> max_input_vars = 1560

Installed plugins:
hide my wp ghost lite
minimal coming soon & maintenance mode
Wordfence security
WP opcache

LATER:
WP cache and minify
SEO
GOOGLE search
exim whitelist
OPCACHE finetune
mysql finetune
httpd finetune
CSF (firewall) settings

DONE:
Make landing page from PDF files
Make logo from PDF files

OLD

Decide on host:
Lightsail
Buyvm V
Ramnode
Dreamhost
Bluehost

Server SW:
Hestia
DirectAdmin V

OLD WP Settings:
Font – Barlow
Theme – Kahuna
Color accent – #006c66
Link – #006c66
Hover – Light gray??
MMenu 2nd level BG – #83878d (or #3c414a)
Accent colors – #f9b000 (yellow) and #3c414a (dark gray)
Site BG – #f7f8f9
https://www.cryoutcreations.eu/wordpress-tutorials/use-new-social-menu

status.idrv.ru

DOMAINS:
GOOGLE ($12):
idrv.ru (04.05.21)
RU-TLD ($3):
rateam.ru (08.01.21), idrv.ru (09.22.21), lowendbox.ru (12.15.21), vpslab.ru (12.15.21)
NAMECHEAP ($13-15):
altair-moda.com (03.5.21), simplyfast.net (06.20.21), samurai-do-yadlin.com (07.18.21)

VPS SERVERS:
GULLO.ME
NAT IPv4 Chicago
512 MB 10 GB 1v Core
1 NAT W/ 20 Ports + 1 SSH Port
500 GB @ 1gbps
$12.5 / Year / $8 with coupon LEB-NAT-512MB
185.172.165.210:25420

RamNode - NL - 512MB RAM 512MB vSwap 2 CPU cores @ 3.3GHz+ 40GB SSD disk space 2TB Bandwidth 1Gbps uplink 1x IPv4 address 16x IPv6 address OpenVZ/SolusVM Price with coupon: $4.35/mo 81.4.108.242

Racknerd - NY - 1x vCPU Core 12 GB Pure SSD RAID-10 Storage 768 MB RAM 2000GB Monthly Bandwidth 1Gbps Public Network Port Full Root Admin Access 1 Dedicated IPv4 Address KVM / SolusVM LOCATION: New York $9.49/YEAR! 23.95.164.194

Racknerd - NY - 1x vCPU Core 30 GB SSD Cached RAID-10 Storage 1 GB RAM 3500GB Monthly Bandwidth 1Gbps Public Network Port Full Root Admin Access 1 Dedicated IPv4 Address KVM / SolusVM LOCATION: New York Only $15.25/YEAR! 23.95.164.217

IPs and services:
idrv.ru > 23.95.164.194
idrv.ru > 5.135.45.116;
lowendbox.ru >
vpslab.ru > 23.95.164.217
simplyfast.net > 81.4.108.242;

Cancelled = vpslab.ru = US = Vesta(apache_sandbox);
Cancelled = de.simplyfast.net = DE = ISP(isplicense.com);
GULLO = former idrv.ru = US = VPN;
RAMNODE = simplyfast.net = EU = ISP(fastvps.ru);

Monitoring tool - https://app.syagent.com/servers


LINUX COMMANDS!!!

Putty has ability to copy-paste. In mcedit, hold Shift and select by mouse.
To paste – shift and right click.
***
chown -R admin:admin web/

chmod -R 777 /home/admin/domains/domain_name/public_html/folder/

find /home/backup* -mmin +1 -exec rm {} \;   (remove files older than # minutes)

List files by owner and chmod:

ls -l | sort -k3,3

Download files between VPSs:
Go to desired folder.
curl -k -u root:pass sftp://idrv.ru//root/test.txt -o test.txt
Upload file between VPSs:
Go to desired folder with file.
curl -k -u root:pass sftp://idrv.ru//root/ -T test.txt

RA v3.01 LOG

v3.01 To Do:

  • MESSENGER -REPLYED MSGs LOOKS LIKE SHIT!!!!!!! done by adding div
  • Friends
  • Sponsors
  • Readmore,  pagination
  • teamspeak “ajax popup folder”
  • Menu
  • GFX: LOGO, (remake news banners)
  • Fix image resize (forum is smaller than news)
  • Icons translate
  • bbcode YT fullscreen
  • Ranks
  • CHMOD!!!!!!!
  • News: RUSSIAN selected, no guest comms : DONE – articles,clanwars,demos,gallery,news,polls
  • Videos DB (manual renew)
  • Skype to profile – partly done (no skype  showing in profile)


AFTER UPDATE:

  • VIDEOS.PHP – import DB after update
  • calendar mbstrip update
  • check htaccess in image folders
  • skype  (and other contacts) db import – MAYBE???
  • Edit admins and contact info for contacts fightus and joinus – ???????????????
  • squad icons + mini icons
  • adsense color change
  • change admin mail to redarmyteam@gmail.com
  • upper links to squads
  • CHECK FILE PERMISSIONS (also change owner)
  • Ranks – import DB after update
  • News banners to news
  • Translate global rubrics

  • Check maks s superadmin
  • add copyright
  • change db’s
  • fix time (putenv('TZ=Europe/Moscow');)
  • forward new mail to maks

Upload Vesta user backups to Dropbox automatically daily

My script (copy and change for each domain) sudo sh /usr/local/bin/test_to_dropbox.sh:

#!/bin/bash

#Loop through each file in the backup folder 
for X in /simplyfast_bu/root/*; do

cp "$X" /tmp/root.tar.gz
#Rename current file in Dropbox
/dropbox/dropbox_uploader.sh -f /root/.dropbox_uploader move /root/root.tar.gz /root/root.tar.gz.OLD
#Send new file to Dropbox
/dropbox/dropbox_uploader.sh -f /root/.dropbox_uploader upload "/tmp/root.tar.gz" /root/
#Delete old file from Dropbox
/dropbox/dropbox_uploader.sh -f /root/.dropbox_uploader delete /root/root.tar.gz.OLD
#Delete the file from tmp
rm -rf /tmp/root.tar.gz
done

***

Also, at  the end set the crontab for root user:

crontab -e

(to test)*/5 * * * * sudo sh /usr/local/bin/test_to_dropbox.sh

(prod)0 4 * * 1 sudo sh /usr/local/bin/simplyfast_to_dropbox.sh

[add new line]

***

ORIGINAL:

Upload Vesta user backups to Dropbox automatically daily

Post by vesta_mtl » Fri Mar 17, 2017 2:49 pm

I have setup my Centos 7 server to send the Vesta backups of all my websites (users) to Dropbox automatically every day (after Vesta has run the backup job). In case it helps anyone, here is how.

Configure Dropbox uploader

  1. Go here: https://www.dropbox.com/developers/apps
  2. Create a new Dropbox app and give it access to a new folder in the Apps directory (e.g. server_backups)
  3. Generate and copy your access token
  4. On your server, enter these commands (make a directory, navigate to it, download the dropbox upload bash script dropbox_uploader.sh, give it execution permissions, execute it) and paste your token when prompted to.

cd /
mkdir dropbox
cd dropbox
curl "https://raw.githubusercontent.com/andreafabrizi/Dropbox-Uploader/master/dropbox_uploader.sh" -o dropbox_uploader.sh
chmod 755 dropbox_uploader.sh
./dropbox_uploader.sh

Optional: Send a single file to Dropbox as a test (replace with your backup filename).

/dropbox/dropbox_uploader.sh upload "/home/backup/admin.2017-03-17.tar" /

Schedule the backups to go to Dropbox daily

Make this new file:

vi /usr/local/bin/send_site_backup_files_to_dropbox.sh

Add this to the file, then save it (type Esc, :wq):

#!/bin/bash
#Save current date  as YYYY-MM-DD to a variable
DATE=$(date +"%Y-%m-%d")
#Loop through each file in the backup folder whose name has the current date
for X in /home/backup/*"$DATE"*; do
    #Skip the unexpanded pattern when no backup has today's date
    [ -e "$X" ] || continue
    #X is the filename with path. Remove path to get just the filename.
    NAME_NO_PATH=${X##*/}
    #Remove the date from the name (removes all text between the periods)
    NEW_NAME="${NAME_NO_PATH%%.*}.${NAME_NO_PATH##*.}"
    #Copy the file to tmp with the new non-dated name
    cp "$X" "/tmp/$NEW_NAME"
    #Send it to Dropbox
    /dropbox/dropbox_uploader.sh -f /root/.dropbox_uploader upload "/tmp/$NEW_NAME" /
    #Delete the file from tmp
    rm -rf "/tmp/$NEW_NAME"
done

Note: The backup file that is uploaded to Dropbox has the date removed from its filename so that every day, the new backup will overwrite the previous backup in Dropbox. This way you don’t get an accumulation of backups (e.g. admin.2017-03-17.tar, admin.2017-03-18.tar, etc…) and always only have one backup file for each user (e.g. admin.tar) in Dropbox. Using Dropbox’s file version history, you can access older backups of that user. The backups on the server are unchanged (they are not renamed, and they are kept for two days as per Vesta’s normal behaviour).

Optional: Run it once as a test (your backups folder must have today’s backups in it).

sh /usr/local/bin/send_site_backup_files_to_dropbox.sh

Verify what time Vesta does its daily backups:

  1. Log into Vesta as admin
  2. Click Cron
  3. Find “sudo /usr/local/vesta/bin/v-backup-users” and click edit
  4. Verify what time Vesta does backups (change the time if desired)

Install moreutils (needed for “ts” command used in crontab):

yum install moreutils

Edit crontab:

crontab -e

Add this line to crontab so your backups are sent every morning at 3:45am (or any other time you want, just make sure it is at least 30 minutes after Vesta does the backups). Change the email address at the end to whatever address you wish to get the emailed report.

45 03 * * * sh /usr/local/bin/send_site_backup_files_to_dropbox.sh 2>&1 | ts "[\%Y-\%m-\%d \%H:\%M:\%S]" | tee /var/log/send_backups_to_dropbox.log | mailx -s "Report for Vesta backup files sent to Dropbox" email@example.com

Optional: You can view the log here (but this will also get emailed to as per the previous step).

cat /var/log/send_backups_to_dropbox.log

That is all, your backups will now be sent to Dropbox daily at the time you specified in crontab, and you will get an email report with the results.

I have successfully used this for files up to 10 Gb in size, and I think it should work fine for even larger. You can read more about how the Dropbox Uploader script does this, and other options it offers, here: https://github.com/andreafabrizi/Dropbox-Uploader

Monitoring the fail2ban log

Following on from the article on fail2ban and iptables this article looks at the fail2ban logfile and ways to analyse it using simple command-line tools such as awk and grep.

1. Format of the Logfile

At the simplest logging level, entries will appear in /var/log/fail2ban.log as follows (fail2ban version 0.8.3):

...
2006-02-13 15:52:30,388 fail2ban.actions: WARNING [sendmail] Ban XXX.66.82.116
2006-02-13 15:59:29,295 fail2ban.actions: WARNING [sendmail] Ban XXX.27.118.100
2006-02-13 16:07:31,183 fail2ban.actions: WARNING [sendmail] Unban XXX.66.82.116
2006-02-13 16:14:29,530 fail2ban.actions: WARNING [sendmail] Unban XXX.27.118.100
2006-02-13 16:56:27,086 fail2ban.actions: WARNING [ssh] Ban XXX.136.60.164
2006-02-13 17:11:27,833 fail2ban.actions: WARNING [ssh] Unban XXX.136.60.164

This is all very interesting, but what if you want to see a summary report so that you can try to identify IP addresses that regularly trigger Fail2Ban – so that you can send a report to their ISP or block them using a firewall script for example?

2. Generating Simple Reports

All of the following commands can be run at the command-line or via a script. They are written for Linux/UNIX systems but may work on other platforms.

Grouping by IP address:

awk '($(NF-1) == "Ban"){print $NF}' /var/log/fail2ban.log | sort | uniq -c | sort -n

Note: the variable NF equals the number of fields in each row of the logfile. So $NF is the value of the last field.

Sample output:

...
4 XXX.124.81.130
5 XXX.248.175.246
8 XXX.29.45.142

Remember that each time an IP address gets banned it’s because they’ve been caught at least maxfailure times, so a total of 8 represents maybe 30 matches in the relevant logfile. Once they reach 10-20 you might consider them as candidates for reporting, or a more permanent solution (see below).

To run this report for all logfiles only a slight change is needed:

zgrep -h "Ban " /var/log/fail2ban.log* | awk '{print $NF}' | sort | uniq -c

or, even better, we can truncate the IP addresses to identify the most problematic subnets:

zgrep -h "Ban " /var/log/fail2ban.log* | awk '{print $NF}' | awk -F\. '{print $1"."$2"."}' | sort | uniq -c | sort -n | tail

This is the best report for identifying problem subnets. The output will be the first two bytes of the most ‘caught’ subnets:

...
75 83.110.
90 219.95.
154 210.213.

Let’s take the last one on the list (highlighted) and see what it’s been up to:

zgrep -c 210.213. /var/log/fail2ban.log*

The output shows how many times those numbers appear in each logfile:

fail2ban.log:39
fail2ban.log.1.gz:129
fail2ban.log.2.gz:55
fail2ban.log.3.gz:78
fail2ban.log.4.gz:22

and which specific IP addresses are involved:

zcat /var/log/fail2ban.log* | awk '(NF == 6 && $NF ~ /^210\.213\./){print $NF}' | sort | uniq -c

The output of this will be a list of the IP addresses starting with 210.213. If they look like they’re part of a subnet (or multiple subnets) you can copy the lowest and highest numbers in our Subnet Calculator to give you the subnet code which you can then add to your firewall rules (see below for details).

Grouping by IP address and Hostname:

The command for including hostnames in the list is a bit more complicated. You also need to insert the correct path for the logresolve program which converts IP addresses to hostnames (the path may be something like /usr/sbin/logresolve but it varies between systems):

awk '($(NF-1) == "Ban"){print $NF,"("$NF")"}' /var/log/fail2ban.log | sort | logresolve | uniq -c | sort -n

Note: The logresolve command can take some time, especially if there are a lot of IP addresses to be processed.

The output is similar to what we’ve seen previously, but also includes the hostname which makes it easier to identify the ISP and/or country of origin and to see which entries might be related:

...
4 XXX.net.pk (XXX.83.169.221)
5 XXX.248.175.246 (XXX.248.175.246)
8 XXX.example.com.au (XXX.29.45.142)

You can of course just run host, dig, nslookup or logresolve manually on the addresses that you want to identify.

Group by IP address and Fail2Ban section:

grep "Ban " /var/log/fail2ban.log | awk -F[\ \:] '{print $10,$8}' | sort | uniq -c | sort -n

This shows us which services each IP address has been trying to access/exploit:

...
4 XXX.124.81.130 [sendmail]
5 XXX.248.175.246 [sendmail]
8 XXX.29.45.142 [sendmail]

Now you know which logfiles to look in to see what they were doing to get banned. In this case it’s most likely passing forged mail headers to sendmail which you can see in /var/log/mail/mail.log (or the relevant file on your system).

Reporting on today’s activity:

Here’s a report I find useful to run before midnight each day to generate a summary of the day’s activity:

grep "Ban " /var/log/fail2ban.log | grep `date +%Y-%m-%d` | awk '{print $NF}' | sort | awk '{print $1,"("$1")"}' | logresolve | uniq -c | sort -n

The output will be the same as the second report above, but limited to just today’s activity rather than the whole logfile.

Grouping by Date and Fail2Ban section

This report scans all fail2ban logfiles and gives you a summary of how many ban events there were for each section on each day:

zgrep -h "Ban " /var/log/fail2ban.log* | awk '{print $5,$1}' | sort | uniq -c

This can give you an idea of longer-term trends and the effectiveness of your firewall rules. This method of examining all logfiles rather than just the current one can also be applied to most of the reports above.
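The reports above pick fields by fixed position ($5, $8, $10), which only holds for the 0.8 log layout shown in section 1. As an added example (not part of the original article), the function below finds the jail and address relative to the end of the line, so the same report works on the 0.8 layout and on the newer layout with a PID column. The name ban_report and the sample lines are constructed for illustration; the addresses are documentation ranges.

```shell
#!/bin/sh
# Added example: count bans per jail and IP without fixed field numbers.

# Constructed sample: 0.8-style lines as shown on this page, followed by
# lines in the newer layout (PID column, NOTICE level, "Restore Ban").
sample_log() {
cat <<'EOF'
2006-02-13 15:52:30,388 fail2ban.actions: WARNING [sendmail] Ban 192.0.2.10
2006-02-13 16:07:31,183 fail2ban.actions: WARNING [sendmail] Unban 192.0.2.10
2006-02-13 16:56:27,086 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2019-08-13 10:15:02,123 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 203.0.113.7
2019-08-13 10:25:02,456 fail2ban.actions        [1234]: NOTICE  [sshd] Unban 203.0.113.7
2019-08-13 11:40:11,002 fail2ban.actions        [1234]: NOTICE  [sshd] Restore Ban 203.0.113.7
2019-08-13 12:01:45,310 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 203.0.113.7
2019-08-13 12:03:10,000 fail2ban.filter         [1234]: INFO    [sshd] Found 198.51.100.4
EOF
}

# Reads fail2ban log lines on stdin and prints "count jail ip",
# lowest count first.
ban_report() {
    awk '
    NF >= 3 && $(NF-1) == "Ban" {
        # "Restore Ban" re-applies an existing ban after a restart.
        # It is not a new offence, so it is not counted.
        if ($(NF-2) == "Restore") next
        jail = $(NF-2)
        gsub(/\[|\]/, "", jail)          # "[sshd]" -> "sshd"
        count[jail " " $NF]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1n -k2
}

# Run on the constructed sample.
sample_log | ban_report
```

On a live system, feed it every rotated logfile with `zcat -f /var/log/fail2ban.log* | ban_report`.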

3. Banning an IP block or subnet

If it turns out that a significant portion of ‘unwanted’ traffic comes from a single ISP then you should try sending an email to their abuse address, but don’t be too hopeful of getting a response. If the abuse continues then it’s time to get strict.

First have a look at the different IP addresses that are being caught. See if you can identify which ones come from the same subnet. The whois reports often include this information, otherwise you can use our Subnet Calculator to help you along – just paste the lowest and highest addresses into the form and it will give you the smallest subnet that covers them both.

Once you have this value (in the form XXX.XXX.XXX.XXX/XX) you can add a firewall rule using iptables to block them from the server completely, or just from the port they’re abusing. For a single address you don’t need to worry about subnets and the address can be used directly.

Block a subnet from accessing SSH:

iptables -I INPUT -p tcp -s XXX.XXX.XXX.XXX/XX --dport ssh -j REJECT --reject-with tcp-reset

Block a subnet from accessing SMTP (mail):

iptables -I INPUT -p tcp -s XXX.XXX.XXX.XXX/XX --dport smtp -j REJECT --reject-with tcp-reset

Block an IP address from HTTP:

iptables -I INPUT -p tcp -s XXX.XXX.XXX.XXX --dport http -j REJECT

Block an IP address from FTP (using DROP):

iptables -I INPUT -p tcp -s XXX.XXX.XXX.XXX --dport ftp -j DROP

and so on for other services.

In the FTP example we’ve used the DROP policy instead of REJECT as that causes the connection to hang for a longer time rather than giving an instant notification that they’ve been rejected.

These rules will be added to the start of your firewall. You can also use -A (append) instead of -I (insert) to specify the end of the chain, or include a rule number to insert them into the middle of a chain. The command for removing a rule is identical, just with -D in place of -I, or again, you can specify the chain and line number.

To see what effect these rules are having – the number of packets and bytes being blocked by each rule – use the following command and look at the values in the first two columns.

iptables -vnL INPUT --line-numbers

At some point (hopefully) the source computer will be ‘fixed’ or in any case stop abusing your server. You should then remove the firewall rules.
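The "smallest subnet that covers the lowest and highest address" step can be done locally. This is an added shell example, not part of the original article; the function names covering_cidr and cidr_size are made up here and the addresses are documentation ranges. It also shows why the result needs a look before it goes into a firewall rule: two neighbouring addresses that straddle a bit boundary are covered by a much wider block.

```shell
#!/bin/sh
# Added example: smallest CIDR block covering two IPv4 addresses.

# Dotted quad -> integer. Fails on anything that is not four octets 0-255.
ip_to_int() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # leading zero would read as octal
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Number of addresses in a block with the given prefix length.
cidr_size() {
    echo $(( 1 << (32 - $1) ))
}

# covering_cidr ADDR1 ADDR2 -> "network/prefix" (argument order does not matter).
covering_cidr() {
    lo=$(ip_to_int "$1") || return 1
    hi=$(ip_to_int "$2") || return 1
    # Bits that differ between the two addresses must all be host bits.
    diff=$(( lo ^ hi ))
    prefix=32
    while [ "$diff" -gt 0 ]; do
        diff=$(( diff >> 1 ))
        prefix=$(( prefix - 1 ))
    done
    host_bits=$(( 32 - prefix ))
    net=$(( (lo >> host_bits) << host_bits ))
    echo "$(int_to_ip "$net")/$prefix"
}

# Two offenders in the same /25:
covering_cidr 198.51.100.17 198.51.100.90
# Neighbouring addresses across a boundary need a /24 (256 addresses):
covering_cidr 198.51.100.127 198.51.100.128
cidr_size 24
```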

4. Monitoring the fail2ban log with fail2ban 0.8

This is something I’ve been meaning to investigate for some time now, and there have been a number of requests for this ability. Can we use fail2ban to block addresses for a longer time (even permanently) when they’ve been blocked a number of times by the normal fail2ban filter?

It seems that it is possible, though you may have to set up different jails for different ports. For example, for repeat offenders according to the sendmail filter, add the following to /etc/fail2ban/jail.local:

[fail2ban-smtp]


enabled = true
port = smtp
filter = fail2ban-smtp
logpath = /var/log/fail2ban.log
maxretry = 3
findtime = 21600
bantime = 86400

And then create a file /etc/fail2ban/filter.d/fail2ban-smtp.conf with the following:

[Definition]
failregex = \[sendmail\] Ban <HOST>
ignoreregex =

Finally start the new jail:

# fail2ban-client add fail2ban-smtp
# fail2ban-client start fail2ban-smtp

With these settings, fail2ban will monitor its own logfile and if a HOST is banned three times (maxretry) in six hours (findtime) they will incur a new ban lasting a full 24 hours (bantime). If you set the bantime value as negative then the HOST in question will never be unbanned.

Similar rules can be set up for other existing jails, and they can be combined if they share the same port. Let us know through the Feedback form below if you have any questions or comments about using it on your server.
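Before enabling such a jail it helps to know which hosts it would catch. The following added example (not from the original article) replays a fail2ban logfile and lists each address at the moment it reaches maxretry bans inside a findtime window for one jail. The function name repeat_offenders and the log lines are constructed; the timestamp arithmetic treats the log as a single timezone with no DST shift.

```shell
#!/bin/sh
# Added example: preview which hosts a "repeat offender" jail would ban.

# Constructed sample in the 0.8 layout, in chronological order.
sample_repeat_log() {
cat <<'EOF'
2006-02-13 08:00:00,000 fail2ban.actions: WARNING [sendmail] Ban 192.0.2.10
2006-02-13 08:10:00,000 fail2ban.actions: WARNING [sendmail] Unban 192.0.2.10
2006-02-13 09:30:00,000 fail2ban.actions: WARNING [sendmail] Ban 192.0.2.10
2006-02-13 10:00:00,000 fail2ban.actions: WARNING [sendmail] Ban 198.51.100.4
2006-02-13 13:45:10,000 fail2ban.actions: WARNING [sendmail] Ban 192.0.2.10
2006-02-13 23:50:00,000 fail2ban.actions: WARNING [sendmail] Ban 198.51.100.4
2006-02-14 00:20:00,000 fail2ban.actions: WARNING [sendmail] Ban 198.51.100.4
2006-02-14 01:00:00,000 fail2ban.actions: WARNING [ssh] Ban 203.0.113.7
2006-02-14 01:20:00,000 fail2ban.actions: WARNING [ssh] Ban 203.0.113.7
2006-02-14 01:40:00,000 fail2ban.actions: WARNING [ssh] Ban 203.0.113.7
2006-02-14 05:00:00,000 fail2ban.actions: WARNING [sendmail] Ban 198.51.100.4
EOF
}

# repeat_offenders JAIL MAXRETRY FINDTIME  (log on stdin)
# Prints "ip date time" for the ban that completes MAXRETRY bans
# within FINDTIME seconds, once per address.
repeat_offenders() {
    awk -v jail="[$1]" -v maxretry="$2" -v findtime="$3" '
    # Days since 1970-01-01 (Julian day number minus 2440588).
    function days(y, m, d,    a, yy, mm) {
        a = int((14 - m) / 12); yy = y + 4800 - a; mm = m + 12 * a - 3
        return d + int((153 * mm + 2) / 5) + 365 * yy + int(yy / 4) \
               - int(yy / 100) + int(yy / 400) - 32045 - 2440588
    }
    # "YYYY-MM-DD" and "HH:MM:SS,mmm" -> seconds (milliseconds ignored).
    function epoch(date, time,    D, T) {
        split(date, D, "-"); split(time, T, /[:,]/)
        return days(D[1], D[2], D[3]) * 86400 + T[1] * 3600 + T[2] * 60 + T[3]
    }
    NF >= 3 && $(NF-1) == "Ban" && $(NF-2) == jail {
        ip = $NF; t = epoch($1, $2)
        n[ip]++; seen[ip, n[ip]] = t
        # Count this ban plus the earlier ones still inside the window.
        hits = 0
        for (i = n[ip]; i >= 1 && t - seen[ip, i] <= findtime + 0; i--) hits++
        if (hits >= maxretry + 0 && !(ip in flagged)) {
            flagged[ip] = 1
            print ip, $1, $2
        }
    }'
}

# Same thresholds as the jail above: 3 bans in 21600 seconds.
sample_repeat_log | repeat_offenders sendmail 3 21600
```

In the sample, 198.51.100.4 is only flagged by its fourth ban, because its first ban lies more than six hours before the next two.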

5. Test new filters using fail2ban-regex

Whenever you add or change a filter you will want to test that the regular expressions are correct by running it over an existing logfile.

The tool for doing this is fail2ban-regex which is used as follows:

fail2ban-regex /var/log/fail2ban.log /etc/fail2ban/filter.d/fail2ban-smtp.conf

The first argument is the logfile to be scanned and the second argument is the filter configuration file containing failregex.

The output lists first all the regular expressions that are being used followed by a tally of how many matches there are for each one. This should match what you can find manually in the logfile using grep or awk. Finally, a list of the ‘caught’ IP addresses is displayed.

Results
=======

Failregex
|- Regular expressions:
| [1] \[sendmail\] Ban <HOST>
|
`- Number of matches:
[1] 46 match(es)

...

If nothing is being matched, or everything is being matched that may suggest a problem with the regexp. Otherwise, if everything looks ok, you can start the new jail as described above.

7. User Comments

Luke 13 August, 2019

Typing “zcat /var/log/fail2ban.log*” says:

gzip: /var/log/fail2ban.log: not in gzip format
gzip: /var/log/fail2ban.log.1: not in gzip format

But typing it without zcat and just cat shows nothing. Any help?

Just use “zcat -f /var/log/fail2ban.log*” to avoid this warning, but the Fail2Ban log format has also changed in recent versions, so the above commands will need re-working 

John 7 August, 2014

Is there a command I can type that will show me a list of fail2ban banned IP’s?

Or if I wanted to clear out all banned IP’s, how would I do it?

From the command-line you can view all the iptables rules, including Fail2Ban using:

iptables -vnL --line-numbers

and remove a rule using (with caution):

iptables -D fail2ban-<JAIL> <#LINE>

You can query Fail2Ban directly:

fail2ban-client status
fail2ban-client status <JAIL>

Where ‘<JAIL>’ is one of the jails listed in the output of the first command (e.g. ‘ssh’ or ‘apache-overflows’).

To clear out all (most) banned IP’s just stop and start Fail2Ban or one particular jail. There is also a configuration option to white list specific ip addresses so they are never banned.

Robert 21 April, 2014

Actually for the fail2ban.log filter to work properly you should filter for the Unban instead of the Ban.

Else it tries to set a ban that already exists and after 10 minutes the ban will be removed like always. So by checking for the Unban you can apply that ban for 24 hours (or more) when the ip showed up too many times in your fail2ban.log

Mijo 21 October, 2013

Hello,

thank you very much for this great article, it explains it very well, while still giving solutions that are usable!

Regards…

Another Kyle 22 June, 2012

Great tutorial. I did have one minor issue setting up the new filter (/etc/fail2ban/filter.d/fail2ban-smtp.conf)

I had to add the line
[Definition]

above the
failregex = \[sendmail\] Ban <HOST>
ignoreregex =
lines.

Fail2Ban v0.8.4-SVN on debian

Kyle 2 June, 2011

Wow. Incredible commands. Helps me a lot. With trial and error I got a nice combination:

daily list with logresolve and shown services of bans:
grep "Ban " /var/log/fail2ban.log | grep `date +%Y-%m-%d` | awk -F[\ \:] '{print $10,$8,$10}' | logresolve | sort | uniq -c | sort -n

Since logresolve is not that good it might be interesting to implement Geo-Ip Service like that from maxmind.com

Jason Lynch 2 March, 2009

Does anyone know if fail2ban can be made to read gzipped logs as well? The /etc/log/fail2ban.log file only seems to contain a day or two of data. If we’re looking for repeat offenders, I’d think we’d want to go back a little further if possible.

I think as long as fail2ban is running uninterrupted it will keep track of all matches within findtime. It’s only when it’s restarted that you miss the data from rolled over log files.

Jason Lynch 23 February, 2009

I’d love to see an article on how to have fail2ban monitor its own logs and automatically ban repeat offenders for an extended period of time (or permanently). I am currently manually grepping through those logs and adding the IP’s to my blocklist.

I’ve just added a new section to the above article for this 

Tom Klein 17 February, 2008

Thank you for the great article.
Is there any way to permanently ban IP addresses in an automatic way, which are banned e.g. 5 times before?

You can always add a rule to iptables using the command line to block a particular IP address or block of addresses:

iptables -A INPUT -p tcp -s <host> --dport <port> -j REJECT --reject-with tcp-reset

Or you could set up a Fail2Ban rule to monitor its own logfile and block repeat offenders for a longer time period. It’s something I’ve thought about doing and might be adding here before too long.

idrv.ru LOG

apt update
apt install htop iftop iotop mc curl
curl https://raw.githubusercontent.com/ajenti/ajenti/master/scripts/install.sh | bash -s -
apt purge apache2*

curl -O http://vestacp.com/pub/vst-install.sh

bash vst-install.sh --nginx yes --phpfpm yes --apache no --named yes --remi yes --vsftpd yes --proftpd no --iptables yes --fail2ban yes --quota no --exim no --dovecot no --spamassassin no --clamav no --softaculous yes --mysql yes --postgresql no --hostname idrv.ru --email ilevkov@gmail.com --password w1thgod5helpdewev0

/usr/local/vesta/bin/v-restore-user admin admin.2019-07-31_05-10-02.tar

*******************************************
https://gitlab.com/desbest/celeron-dude-indexer/

**********************************PHP5 to PHP7*************
First Remove PHP5

apt-get remove --auto-remove php5-fpm

Presuming you are on Debian 8 and you want to install PHP 7.1 FPM

Add repo

apt-get install apt-transport-https lsb-release ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
apt-get update

Install PHP 7.3 FPM

apt install -y php7.3-fpm

Install Supporting PHP7.3 modules

apt install -y php7.3-xml php7.3-zip php7.3-mysql php7.3-curl php7.3-mbstring php7.3-json php7.3-gd php7.3-intl php7.3-mcrypt php7.3-xsl php7.3-soap php7.3-common php7.3-readline php7.3-cli php7.3-opcache php7.3-iconv php7.3-sqlite3 php7.3-imap
apt-get install php7.3-apcu php7.3-mbstring php7.3-bcmath php7.3-cli php7.3-curl php7.3-fpm php7.3-gd php7.3-intl php7.3-mysql php7.3-soap php7.3-xml php7.3-zip php7.3-memcache php7.3-memcached php7.3-zip
update-rc.d php7.3-fpm defaults

ln -s /lib/systemd/system/php7.3-fpm.service /lib/systemd/system/php-fpm.service

thanks. this helped me… i’ve totally forgotten to remove php 5

So how i got it working:
remove the old and install the new php-version as posted by mehargags
copy your config files from /etc/php5/fpm/pool.d/ to the new directory /etc/php/7.3/pool.d/
remove /etc/php5 from the filesystem
change the config in /usr/local/vesta/conf/vesta.conf

WEB_BACKEND='php7.3-fpm'
v-list-sys-services will now show that php7 is running & you can add new configs (yay \o/ )
mv /usr/local/vesta/web/edit/server/php5-pfm to /usr/local/vesta/web/edit/server/php7.3-fpm (now edit works)
Thanks for the help! 🙂

if you previously had Php5, just verify you remove it on /etc or /etc/php
Because you should have a pool.d directory for php5 too and the vesta script find 2 directories and doesn’t know how to play with …

if you want to have a copy of your php5 distrib, just rename /etc/php5/fpm/pool.d to /etc/php5/fpm/pool1.d
and try again ….
Restart PHP
===
error: php7.3-fpm restart failed:

@klou , You should just specify name of the service which controls php-fpm process in /usr/local/vesta/bin/v-change-sys-service-config script at 98th row, not binary filename.
For example, replace php-fpm7.1 (or more complicated statement, like =$(ls /usr/sbin/php*fpm* |cut -f 4 -d /) ) with just php-fpm And it works well for me.
My excerpt from the script mentioned above

if [ "$service" = 'php' ]; then
    if [ "$WEB_SYSTEM" = "nginx" ]; then
        service="php-fpm"
    else
        service=$WEB_SYSTEM
    fi
fi
For Ubuntu 16.04
===
===
Can’t create new domain?:
Delete /etc/init.d/php5-fpm

https://forum.vestacp.com/viewtopic.php?t=15860
https://forum.vestacp.com/viewtopic.php?t=17129
https://github.com/serghey-rodin/vesta/issues/1286
**************************************
**************Config for WonderCMS*********
location = /database.js {
deny all;
return 404;
}

autoindex off;
if (!-e $request_filename) {
rewrite ^/(.+)$ /index.php?page=$1 last;
} ####Inside Location /###

CONFIG:

server {
listen 162.208.8.213:80;
server_name hp.idrv.ru www.hp.idrv.ru;
root /home/admin/web/hp.idrv.ru/public_html;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/hp.idrv.ru.log combined;
access_log /var/log/nginx/domains/hp.idrv.ru.bytes bytes;
error_log /var/log/nginx/domains/hp.idrv.ru.error.log error;

###
location ~ database.js {
return 403;
}
autoindex off;

###
location / {

location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}

###
if (!-e $request_filename) {
rewrite ^/(.+)$ /index.php?page=$1 last;
}
###

location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}

fastcgi_pass 127.0.0.1:9001;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}

error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;

location /error/ {
alias /home/admin/web/hp.idrv.ru/document_errors/;
}

location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}

location /vstats/ {
alias /home/admin/web/hp.idrv.ru/stats/;
include /home/admin/conf/web/hp.idrv.ru.auth*;
}

include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;

include /home/admin/conf/web/nginx.hp.idrv.ru.conf*;
}
********************************************

Index:
<meta http-equiv="Refresh" content="0; url=http://6000.idrv.ru/CA393-00880 – Parts Catalog 6000.htm" />

robots:
User-agent: *
Disallow: /

Autoindex folder:
location / {
###
alias /home/admin/web/docs.idrv.ru/public_html/files/;
autoindex on;

###
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
}

******************************
OPENVPN:

Installed Debian 9

https://github.com/angristan/openvpn-install#faq

wget --no-check-certificate https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh -O openvpn-install.sh && bash openvpn-install.sh
PORT: 443
DNS: Cloudflare
Vesta installed – VPN stopped working