Don’t Forget To Do A Spring Clean On Your Server

Over time some of us tend to get a collection of scripts on our servers that we don’t use. It may be a script that you were testing, something you wanted to check out but didn’t use or an old script that was replaced with something else.

I had two incidents this week that related to old scripts. One was a phpBB2 forum. The owner had set this up some time ago (approx. 1 year) but it hadn’t really taken off. He had emailed me that he was continually receiving high cpu load email alerts from his server. When I checked, it was MySQL that was causing the high load. I then had a look with phpMyAdmin and saw that this phpBBdatabase had over 240,000 records in the posts and topics tables and over 1 million records in the ‘words’ database. phpBB has a cron job that builds a database of words and phrases to improve search speed. Because there were so many posts this cron job was taking a long time to run and stressing the CPU a little. The posts were all from automated porn posting ‘bots’ that were just continually adding random pornography related posts. Given that the forum wasn’t getting any real use we simply removed it. It’s not the first time I’ve seen this issue though – forums are a target for automated posters of porn and general spam. If you have set up any forums in the past but didn’t get aroundto using them, now might be a good time toremove them – they may be causing unnecessary server load.

The second incident was a script that creates online forms. The whole thing was written in PHP and could create a form on-the-fly. The owner started to get hundreds of notifications from this form and didn’t know where the notifications were coming from. A quick text search on the server revealed a directory that had this form script in it. Additionally, there was no default page in that directory (i.e.index.php, index.html) and directory listing was turned on. What that means is that the list of files was there for anyone who discovered the directory. This is a common technique for hackers. If, for example, I know that by default a script that I can exploit is usually installed in /nastyscript/ I could easily set up a spider to check domains for that directory. So there are 3 tips in this instance:

  1. Remove your old scripts.
  2. Always have a default file or turn off directory indexing on your server.
  3. Don’t install to the standard directory for a script. In the example above it would have been better to install to something like /nastyscript_131/ or something similarly random.

WHM – Exclude specific accounts from backup

I had a situation recently where a hard drive filled up because of the daily/weekly/monthly backup. It was a 1 Terabyte drive in a server that was used for hosting so it was a bit unusual, given that there were only 30 or 40 hosting accounts on there. It turns out that there were soem old accounts from an application that is no longer used. That particular application had a large amount of database (MySQL) data and when the CPanel account was compressed the size of the backup file was around 217GB. Multiply that by 3 for daily, weekly and monthly and you can see that it was using up an awful lot of hard drive space.

The customer wanted to keep the data for now, but it wasn’t important enough that it should be backed up. The solution is to go into the WHM backup configuration and scroll to the bottom and click on theĀ  ‘Select>>’ button. This allows you to de-select the accounts that you don’t want backed up. Alternatively, if you are abit of a unix head or want to disable backup of accounts with your own script, all you need to do is add the accounts that you don’t want backed up to /etc/cpbackup-userskip.conf. Just add the account username, one per line.