421 Too many connections from this IP

This article discusses why you may receive a Too many connections from this IP error message when you use FTP, and how to resolve the problem.

Causes an idle FTP connection?

The default setting is usually 8 or 10 simultaneous FTP connections from 1 IP. If you exceed this amount, you may run into a 421 Connection Error which are often caused by Idle FTP connections.

Idle FTP connections are caused when an FTP client opens multiple connections, without closing the previous ones, or due to an incorrect setting.

VPS and Dedicated hosting plans have the ability to modify the number of simultaneous connections allowed in their WHM; the default setting is usually 8.

Increasing this limit will prevent the error messages.  Our Shared and Reseller plans allow up to 8 simultaneous FTP connections from 1 IP address at a time, but cannot raise this limit.

Response: 421 Too many connections (8) from this IP

If your FTP client is using more than 8 connections at the same time, you will get refused with a message similar to this:

Response: 421 Too many connections (8) from this IP Error: Could not connect to server Status: Disconnected from server Status: Disconnected from server Status:  Delaying connection for 5 seconds due to previously failed connection attempt...

 

Closing Idle Connections in cPanel (Disconnect users from an FTP session)

If you suspect malicious activity from a user, or if the user is idle, you can disconnect their FTP session.

To disconnect a user from an FTP session, perform the following steps:

1. Login to cPanel, Click the FTP Session button under the Files section.

ftpconnections1.1

 

2. You will then see a list current FTP connections. Click the disconnet_icon icon next to the process ID that you wish to disconnect in the Action column.

ftpconnections1.2

 

You will then see a message similar to this Are you certain that you wish to disconnect the “test@” FTP user? Click the Disconnect button to proceed.

ftpconnections1.3

Now check reloading the page.

How do I Directory Privacy in my Control Panel

protect folder
protect folder

This feature allows you to protect certain directories of your account. If you enable this feature, the system prompts users for a username and password when they attempt to view content in a protected folder.

How Directory Privacy works

It’s important to understand how Directory Privacy on a folder works. When you choose to password protect a directory in cPanel, cPanel creates a rule in your .htaccess file.

This rule specifies that the folder is protected and the visitor will need to provide the proper username and password to log in and view the files.

Configure a password for a directory
  1. To password protect a directory, perform the following steps:
  • Select the directory that you wish to protect.
  • Click the appropriate folder iconto navigate to a different folder.
  • Click the desired folder’s name to select it.
Note: A protected directory's subdirectories inherit their parent directory's password protection.

2. Select the Password protect this directory checkbox.

3. Enter a display label for the directory in the Name the protected directory text box.

Note: This name is only a label for the directory, and you should not confuse it with the directory's actual name.

4. Click Save.

After you complete this process, you must create a user that can access this directory.

Create a user

To create an authorized user for the directory, perform the following steps:

  1. Enter the desired username in the Username text box.
  2. Enter and confirm the new password in the appropriate text boxes.
Notes:The system grades the password that you enter on a scale of 100 points. 0 indicates a weak password, while 100 indicates a very secure password.

Some web hosts require a minimum password strength. A green password Strength meter indicates that the password is equal to or greater than the required password strength.

Click Password Generator to generate a strong password. For more information, read our Password & Security documentation.
Click Add Or Modify The Authorized User.
Note: To change the authorized user's password, enter the user's information again in the Create User section of the interface, but enter a different password for the user.
Remove password protection

To remove password protection from the directory, deselect the Password protect this directory check box in the Security Settings section of the interface and click Save.

How to enable log rotation on Linux hosts

Log rotation is an way to manage old log files to reduce disk space usage on the server.logrotation

By default log rotate is invoked once a day using a cron scheduler from location /etc/cron.daily/

grep logrotate.conf /etc/cron.daily/logrotate
/usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1

Log rotation is manged by two different configuration files /etc/logrotate.conf [generic file] and a service specific configuration file placed under /etc/logrotate.d/ folder.

For example, we have to add below contents in /etc/logrotate.d/cmdlog (name can be anything) file to enable log rotation for /var/log/cmdlog.log.

/var/log/cmdlog.log
{
missingok
notifempty
size 200M
rotate 5
compress
create 0600 root root
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}

Where,

/var/log/cmdlog.log : Log file for which rotation is needed; We can specify multiple log files[one per line] or else use regex to cover multiple log files. Example : /var/log/*.log can be used.

missingok : Do not output error if log file is missing.

notifempty : Do not rotate log file if it is empty

size : Log file is rotated only if it grow bigger than the specified size.

rotate : ensures that logrotate keeps a specified number of backup of log files.

compress : Old versions of log files are compressed with gzip by default.

create : Creates a new log file wit permissions 600 where owner and group is root user.

daily, weekly, monthly, or yearly : Backup rotation interval

prerotate & postrotate : In some cases, we might have to restart a service or kill a process before or after rotating logs in such cases we can use these options.

For more available options, try “man logrotate” command.

Once above file is created, either we can wait for logrotation to happen when the cron runs or else we can issue below command to run logrotate forcefully.

logrotate -f /etc/logrotate.conf

Creating Virtual Directories

Create a virtual directory within a website:

Go to Websites & Domains and find the website’s domain name.

Click Virtual Directories. You are in your web site root now.

Navigate to the directory in which you want to create a virtual directory.

Click Create Virtual Directory.

Specify the required parameters:

Name – specify the virtual directory name.

Path – specify the virtual directory path:

Select the Create physical directory with the same name as virtual directory checkbox to automatically create a physical directory with the same name as the virtual directory you are creating.

Clear the Create physical directory with the same name as virtual directory checkbox and specify the path in the field to select a physical directory that already exists.

Script source access – select this checkbox to allow users to access source code if either Read or Write permissions are set. Source code includes scripts in ASP applications.

Read permission – select this checkbox to allow users to read files or directories and their associated properties.

Write permission – select this checkbox to allow users to upload files and their associated properties to the virtual directory or to change content in a write-enabled file. Write access is allowed only if browser supports the PUT feature of the HTTP 1.1 protocol.

Directory browsing – select this checkbox to allow users to see a hypertext listing of the files and subdirectories in the virtual directory.

Log visits – select this checkbox if you want to store the information about visits of the virtual directory.

Create application – select this checkbox to make the directory an IIS application. The directory becomes logically independent from the rest of the website.

Execute permissions – select the appropriate program execution level allowed for the virtual directory.

None – allow access only to static files such as HTML or image files.

Scripts only – allow running scripts only, not executables.

Scripts and Executables – remove all restrictions so that all file types can be executed.

ASP Settings – set specific settings for ASP-based web applications.

If you are using ASP-based applications that cannot operate correctly under data transfer restrictions currently set by IIS, clear the Defined by parent directory checkbox corresponding to the field you want to change and type in the required number.

If you want to enable debugging of ASP applications on the server side, clear the corresponding Defined by parent directory checkbox and select the Enable ASP server-side script debugging checkbox.

If you want to enable debugging of ASP applications on the client side, clear the corresponding Defined by parent directory checkbox and select the Enable ASP client-side script debugging checkbox.

Note that if you are trying to change ASP Settings for the root virtual directory, the default checkbox names will be Defined by IIS instead of Defined by parent directory.

Click OK.

To remove a virtual directory from a website:

Go to Websites & Domains and find the website’s domain name.

Click Virtual Directories.

Select the checkbox corresponding to the directory you want to remove.

Click Remove.

Confirm the removal and click OK.

Shared hosting, VPS or Dedicated hosting

shared vs VPS vs Dedicated Hosting
shared vs VPS vs Dedicated Hosting

Web hosting is a service that allows organizations and individuals to post a website or web page on to the Internet. When Internet users want to view your website, all they need to do is type your website address into their browser.

Their computer will then connect to your server and your webpages will be delivered to them through the browser. Most hosting companies require that you own your domain name in order to host with them. If you do not have a domain name, the hosting companies will help you purchase one.. Most of your current files (documents, pictures, software etc) are sitting there on your personal computer/laptop.

Only you can access them, right? If you wanted to show those files to other people, you’d have to send the files to those people, think of web hosting as sending your ‘files’ to a whole lot of people.

Your website is the file and essentially it’s being put up on the internet for people to view. So instead of having to send complex website files to people in order for them to be able to see your website, they’re able to simply type in your website URL and view it all there.  A web host, or web hosting service provider, is a business that provides the technologies and services needed for the website or webpage to be viewed in the Internet. Websites are hosted, or stored, on special computers called servers.

What are the different types of Web Hosting?

With all the different types of hosting available, it can be confusing as to which one is right for you. Do you choose shared hosting, a VPS, or a Dedicated server?

In this article we will cover the basics of the different types of hosting plans so you can find which type is the right one for you.

SHARED HOSTING

Shared hosting is the most classic and most popular hosting plan along most people on the world. Web hosting in which the service provider serves pages for multiple Web sites, each having its own Internet domain name, from a single Web server.  The main reason why people pick this plan is that they actually don’t need more than that. It’s also usually the cheapest hosting option.

You can opt for a Shared hosting if you fall in any of the following:

  1. Having a plan to start–up a venture using your own or borrowed capital.
  2. Expecting a low initial rate of visitors say 500 per day.
  3. Limited number of email accounts to be set up as you currently have only a limited number of employees.
  4. Planning to host and maintain only your web site and a couple of blogs etc.

 

VIRTUAL PRIVATE SERVER (VPS)

A virtual private server (VPS) is a virtual machine sold as a service by an Internet hosting service. A VPS runs its own copy of an operating system, and customers have superuser-level access to that operating system instance, so they can install almost any software that runs on that OS.

VPS hosting is more powerful than shared hosting, since everyone gets a nice private virtual server each. So technically, you get a nice chunk of server space etc for yourself. That’s a nice step up from the shared hosting option. So even though technically you’re on the same physical machine as others, you have your own little space – so no sharing with others. This usually means a better performance and faster loading speeds.

Who should go for a VPS ?

The users who have sites with huge volume of visits and complex tasks being executed VPS hosting is recommended. This is because such website requires high amount of resources and constant monitoring on the part of the server admin. VPS becomes bit expensive but if you need more resources it is better to go for a VPS.

DEDICATED SERVER HOSTING

Dedicated servers are often the fastest and most powerful choices available, though some of the high-end VPS options can give the lower performing dedicated servers a run for their money.

Leasing an entire server on which to host your website. You get access to all hardware and software from your web server software right down to the operating system all for a very hefty price.

Dedicated hosting is only for the heaviest of power users. The ability to control your own operating system often can mean your on your own when it comes to software support and by the nature of your own customization’s, should the hardware fail it can take more time to recover your site. If however you have security sensitive data on your website or a very high traffic load a dedicated server may be for you as you alone have access to the system meaning that all RAM/CPU/disk space/etc is under your full control.

The result is that performance should be very predictable, which is very important for those who are planning on hosting e-commerce solutions or planning on monetizing their website(s) in other ways.

Who should go for a Dedicated Server ?

Dedicated server is recommended for big companies and institutions who have huge data and perform multiple tasks and calculations. Dedicated server is expensive but you have full control over the server and you can install anything you require for your site. With a dedicated server you have ample resources to handle any volume of requests for your site.

CLOUD HOSTING

Cloud hosting is an entirely different, I guess you could say it’s a little like renting.

With normal hosting, you get a machine that gives you resources, like memory and CPU time. With Cloud hosting, you don’t have a machine. Your hardware is virtual, which brings a whole host of cool benefits.

It’s pretty advanced and can be pretty cost efficient when compared with the other types of hosting, but it’s definitely something that is trending on 2015 and beyond.

VPS Combination of Shared Hosting and Dedicated Server Important Features

vps-servers
vps-servers

A virtual private server or VPS hosting divides a server into virtual servers, where each websites is like hosted on their own dedicated server, but they’re actually sharing a server with a few different other users.

The users may have root access to their own virtual space and better secured hosting environment with this type of hosting. Websites that need greater control at the server level, but don’t want to invest in a dedicated server.

VPS hosting is a newer form of web hosting, VPS seeks to combine few of the attractive features offered by dedicated hosting with the affordability provided by shared hosting.

VPS hosting can be a great move if you are starting off with a resource intensive website that may need additional resources to function smoothly. Virtual dedicated hosting can also be a perfect upgrade if the resources being offered by shared hosting are not sufficient to keep your website going without any glitches.

This type of hosting provides more control over the assigned resources and better security at a significantly lower cost. A hybrid of shared hosting and dedicated hosting, it supports higher online traffic and more control like dedicated server but only at a fraction of the cost of dedicated hosting.

Users are given super level access to these servers, and each VPS gets its own copy of operating system along with resources like bandwidth, RAM, storage space, etc.

Account holders have the freedom to install and run all the software and applications that the chosen OS supports. Each account holder in a virtual private server environment gets a unique IP address and remains completely isolated from what others are doing on the same server.

There also fewer security issues with VPS hosting. Virtual private server accounts unlike shared hosting come with own unique IP addresses, and the virtualization layer means that you remain completely affected by any problems arising on other sites.

Getting the best out of your virtual server hosting

The actuality that you remain completely separate from other account holders residing on the same server is one of the best features of virtual dedicated server hosting.

You have your own dedicated set of resources assigned to your own hosting account ensuring that your website continues to perform at its optimum level despite extra resource consumption by other websites. This invariably leads to better security, more control, high levels of uptime and faster loading speed for your website.

Virtual private server offers control and security of dedicated hosting without the high cost associated with it. You only need to ensure that you have a quality and reputable service provider by our side who never fails to provide the resources that has been promised to you.

How to Choose the Best WebHost?

Choosing a Web host
Choosing a Web host

How can one decide if a web host is good?  Do bandwidth and disk storage features still matter these days? Which type of hosting service should you go with?

Whether you’re looking for your first host or looking to move on to a better one there are few simple steps you must follow to succeed in choosing a great host.

Choose a web hosting service?

  • Platform.
  • Reliability and uptime guarantees.
  • Upgrading options.
  • Check all hosting features.
  • Customer Service.
  • Cron Jobs, Auto Script Installer, .htaccess, and SSI.
  • An Easy-to-use Hosting Control Panel.
  • Read ToS to find out about account suspension and server usage policy.
  • Other supporting features (site backup, environmental friendliness, etc).

 

Platform

You can never get the right web host without knowing what you need. So before you go any further – put everything aside (including this guide you are reading) and think thoroughly on your own needs.

The first and most crucial step in choosing a web host is determining the platform the web server should run, usually a choice between Linux and Windows. Choice is largely determined by your website and the technologies used to create it, generally a website created with Microsoft technologies will run on Windows servers while most other sites using open source technologies will run on Linux based systems.

What To Look?

Uptime Scores / Server Reliability 

Nothing is more important than having a 24×7 operating web host.

You need a web host is operating on a powerful server and stable network connections. 99.9% and above is the recommended uptime score; anything below 99% is unacceptable.

Upgrading Options

If you expect your website to grow really big in next two or three years, then you should consider picking up a web host with room to grow.

By grow, I mean upgrading your web host – from shared hosting / Reseller hosting  to virtual private or dedicated server – for more processing power, memory capacity, disk storage, and better security features.

Customer Service

Customer service is another aspect that is often forgotten about until it is too late, something breaks and you need it fixed and those wonderfully handy sales people who were more than helpful in taking your money are now nowhere to be seen, all the while you’re losing out on sales every minute.

You shouldn’t settle for anything less than 24/7/365 service, your website needs to be running all the time so it’s no good if your hosting company doesn’t work during the holidays. Don’t take the web hosting companies word for it, they all claim 24/7 support but few back it up with consistent performance. Be sure to test them out at various times of the day and night via phone, email and live chat if they offer it.

Cron Jobs, Auto Script Installer, .htaccess, and SSI

I am always surprise that some web hosts out there still do not offer these basic hosting features nowadays. You need Cron for day-in-day-out operations, Auto Script Installer (like Fantastico, Simple Scripts, Quick Installer, Softaculous, and so on) for easy web apps installations and updates, .htaccess access for security/page redirects/etc purposes, Server Side Include (SSI) for easier site maintenance (especially when you are building a static site), and FTP access for easy file transfer.

You SHOULD NOT settle with hosting providers that do not supply the above features.

ECommerce Features

  • Are you running an e-commerce website?
  • Are you using any specific shopping cart software?
  • Do you need to process business transactions on your website?
  • Do you need special technical support (ie. PrestaShop guide, or so on)?

If yes, then it is important for you to pick a web host with sufficient e-commerce features support. SSL certification, dedicated IP, and one-click shopping cart software installation are some of the essential features/supports you will need.

An Easy-to-use Hosting Control Panel

A user-friendly and functional hosting control panel is very, very important.

It doesn’t matter if it’s a cPanel or a Plesk or a third party control panels we are okay as long as it is user-friendly and come with all the necessary functions. Without an adequate control panel, you will be left at the mercy of the hosting tech support staff – even if all you need is some basic server changes.

Account Suspension: What are the limitations?

Here’s a money tip that most hosting review sites will not tell you: Hosting companies will pull the plug and suspend your account if you are using too much CPU power (yes, unlimited hosting is limited) or violating the rules. So before you sign up on a web host, it is important that you read the TOS rules.

Site Backup

There are times when a site crashes, as do servers. Perhaps a hacker got into your WordPress blog and replaced your index.php file, or your entire database got nuked, or the server had a severe hard disk failure. Even with the advent of the cloud hosting product, a database crash can happen and it’s out of your or the host’s control.

That’s why the web hosting industry invented the backup data system to protect against their clients’ websites crashing and losing any unsaved information.

A proper web hosting company will offer backups, and the better ones will offer them for free with auto-updating cycles so you never have to worry about losing your data in the event of a website crash, hack or disaster. Your hosting provider should be able to restore back your full (or at least, a big chunk of) site in no time.

Here are a few key questions to ask your web host on backups:

  • Can site backup be done easily via the control panel?
  • Does your web host provide full backups regularly?
  • Can you take full backups of your website easily?
  • Can you restore your backup files by yourself easily?

Have a quick picture of what you want to do with your website now. Figure what happens next for the next 12 months.

For newbies, the no-brainer rule is to always start small with a good shared hosting account.

A shared hosting account is cheap, easy to maintain, and sufficient for most new sites. Plus, you can always upgrade to VPS or dedicated hosting in the later stage when your site grows bigger.

Get your website live and play Pokémon GO with free iPhone 6s

PokeMon-Go iPhone OfferIts summer time and the most exclusive and hottest web hosting deal for this summer is out there..

Get a chance to win Apple iPhone 6s and play Pokémon GO on your favourite phone to catch them all!

Signup with any of our web hosting plans as available on https://www.webhost.uk.net and get a chance to win a brand new Apple iPhone 6s, and play your favourite Pokémon GO to catch all of them. Additionally blast your summer with guaranteed 10% discount on any of our web hosting plans that you choose to signup.

How does this work? Follow these steps:

  • * Visit our website https://www.webhost.uk.net and choose any web hosting plans as per your requirement to proceed with signup by clicking on “Order Now”. The above offer is valid on our shared hosting plans, Reseller hosting, WordPress hosting, Vps Servers, Dedicated Servers and Cloud Servers.
  • * Enter coupon code “PokeMonGo” to get 10% exclusive discount and a chance to win brand new Apple iPhone 6s (16 GB), and proceed with payment.
  • * Once your order is processed, you will qualify for Apple iPhone 6s lucky draw which will be organized on Saturday of every week at 11:00 am GMT
  • * This is a limited offer and valid till 31st of August 2016.

Terms & Conditions:

  • * Only the orders which are placed from 21st of July 2016 to 31st of August 2016 and which use the coupon code “PokeMonGo” are eligible for iPhone 6s lucky draw.
  • * All customers who order any web hosting plan and make the payment for that order during the period mentioned above, automatically take part in the competition, provided they are at least 18 years of age as on 21st July 2016.
  • * One lucky winner chosen using a random lucky draw on Saturday of every week, will win a brand new Apple iPhone 6s 16 Gb.
  • * We will be contacting the lucky winner and the winner will have to claim his free iPhone 6s within one week. Failing to do so, will void his claim on free iPhone 6s he has won.
  • * The contact information provided during the order should be accurate as it will be used to contact the winner. Personal data shall not be disclosed to third parties under any circumstances.
  • * The lucky draw is to be held on Saturday of every week at 11:00 am GMT. The person who has won Apple iPhone 6s using above offer, will not be eligible for any other free Apple iPhone 6s to be offered in lucky draw afterwards.
  • * Cash payments as well as transfer of prizes to third parties is not possible.
  • * The colour of Apple iPhone 6s mobile handset may vary, depending on the availability of stock.
  • * WebhostUK Ltd reserves the right to discontinue or terminate the offer at any time without prior notice and without stating reasons. This particularly applies if proper implementation cannot be guaranteed due to technical or legal reasons. In such cases, participants are not entitled to make any claims whatsoever.
  • * WebhostUK Ltd further reserves the right to disqualify participant from the competition. This particularly applies in the event of violation of the Promotion Terms and Conditions or if participants make use of manipulation or any other unfair means of help.
  • * WebhostUK Ltd can also retrospectively disqualify participants, revoke prizes and reclaim them.
  • * Legal recourse is not possible. The law of United Kingdom applies exclusively. The General Terms and Conditions of WebhostUK Ltd https://www.webhost.uk.net/tos.html apply.

Hurry this is a limited offer and you could be one of the lucky person to get your iPhone 6s and play the most popular trending sensation Pokémon GO, to catch all those tiny creatures out there..!

 

Why to install a certificate on your primary IP address – Plesk

virus-trojan
virus-trojan

On Linux and probably also other UNIX platforms, there is an OpenSSh Ebury Trojan Horse. Without paying special attention, it’s hard to find it.

Besides that, on UNIX/Linux systems, it’s also very easy to create a Trojan to steal others’ ssh passphrase, for example, malicious person can create an alias when you use bash, so that when you run ssh command, it’s the alias gets called.

To make it more secure, I find the best solution is using AutoSSH from WZIS Software: It makes Trojan detectable: It can detect Ebury Trojan to prevent passphrase got stolen, and it can also detect system call tracing attack, dtrace kind of attack, can prevent TTY keylogger to steal passphrase. When passphrase is pre-encrypted with AutoSSH, no Trojan Horse will be able to steal your passphrase on the local machine. And because every time when you run AutoSSH for remote task automation, it will check first whether ssh command or the libraries it uses have been changed or not, before decrypt the passphrase, it’s the most efficient way to combat Ebury Trojan.

How to Whitelist an IP Address in ModSecurity

Whitelist an IP Address in ModSecurity
Whitelist an IP Address in ModSecurity

ModSecurity is a web layer firewall module. ModSecurity is free software released under the Apache license 2.x.

ModSecurity is one of the Apache server modules that provides website protection by defending from hackers and other malicious attacks.

It is a set of rules with regular expressions that helps to instantly ex-filtrate the commonly known exploits.

Modsecurity obstructs the processing of invalid data (code injection attacks) to reinforce and nourish server’s security

With a good, strict ruleset for mod_security, the firewall may occasionally block you as a false positive when trying to post certain content to the server.  Disabling the entire rule seems too extreme. Default rules can’t be edited. A simple solution is to add your PC or workstation’s public IP address to the mod_security whitelist, avoiding the need to temporarily disable mod_security rule enforcement, most ideal way to whitelist would be based on two factors (rule + hostname, or ip + hostname, ip + rule, etc) If I just disable the entire rule it would open up the server to any IP address.

Edit modsec2.whitelist.conf configuration file.  On cPanel/WHM servers using Config Server’s ModSec Control plugin, use the plugin interface in WHM to locate and edit modsec2.whitelist.conf. On other Linux servers, the file name will contain whitelist.conf.

I can probably help you with that if you have the error log entry. There are ways to disable rules on a per IP basis using ctl. For example if rule ID 99999 is tripping for localhost (127.0.0.1) something like this would probably fix it:

SecRule REMOTE_ADDR “127\.0\.0\.1″ id:28374,pass,ctl:ruleRemoveById=99999”

This would need to be specified in configs before the rule which it is disabling.

To fully whitelist a remote address it’s very similar to the above rule:

SecRule REMOTE_ADDR “127\.0\.0\.1” “id:28375,allow”

Make sure to replace the IP address numbers with your own IP address. You can enter “what is my IP” on Google if you’re unsure.

With the above rule in place, no mod_sec rules will be checked for your IP address.