Archive for May, 2007

A vulnerability has been identified in SWsoft Plesk

Friday, May 4th, 2007

A vulnerability has been identified in SWsoft Plesk, which could be exploited by attackers to gain unauthorized access to arbitrary files on a vulnerable system. This issue is caused by input validation errors in the “login.php3” and “login_up.php3” scripts when processing the “locale_id”, which could be exploited to conduct directory traversal attacks and disclose the contents of arbitrary files.

Affected Products

SWsoft Plesk version 7.6.1 for Windows
SWsoft Plesk version 8.1.0 for Windows
SWsoft Plesk version 8.1.1 for Windows

Here is what you can do –

Apply patch for Plesk 7.6.1 :
http://download1.swsoft.com/Plesk/Autoupdate/Windows/7.6.1/

Apply patch for Plesk 8.1.0 :
http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.1.0/

Apply patch for Plesk 8.1.0 + plesk_8.1.0_update070216.19 :
http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.1.0.3/

Apply patch for Plesk 8.1.1 :
http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.1.1/

For further details check this –
http://kb.swsoft.com/en/1798
http://www.frsirt.com/
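
The class of input validation error described in this advisory, shown next to a hardened form. This is an added illustration, not Plesk's code or the vendor patch; the locale directory, the file name `messages.php`, the locale list and all function names are assumptions. Python's `ntpath` module is used so that Windows path rules apply on any platform.

```python
import ntpath
import re

# Hypothetical values for illustration; the advisory does not give Plesk's paths.
LOCALE_ROOT = r"C:\app\locales"
KNOWN_LOCALES = {"en-US", "de-DE", "ru-RU"}
LOCALE_RE = re.compile(r"[a-z]{2}-[A-Z]{2}")


def unsafe_locale_path(locale_id):
    """The flawed pattern: request input is joined into a path unchecked."""
    return ntpath.normpath(ntpath.join(LOCALE_ROOT, locale_id, "messages.php"))


def is_inside(root, candidate):
    """True if candidate, once normalised, is still located under root."""
    root = ntpath.normcase(ntpath.normpath(root))
    candidate = ntpath.normcase(ntpath.normpath(candidate))
    try:
        # commonpath compares whole components, so "locales-old" != "locales"
        return ntpath.commonpath([root, candidate]) == root
    except ValueError:  # different drives, or absolute mixed with relative
        return False


def safe_locale_path(locale_id):
    """Return the locale file path, or None if locale_id is not acceptable."""
    if not isinstance(locale_id, str) or not LOCALE_RE.fullmatch(locale_id):
        return None  # syntax check: rejects separators, dots, control bytes
    if locale_id not in KNOWN_LOCALES:
        return None  # allowlist: only locales that are actually installed
    path = ntpath.join(LOCALE_ROOT, locale_id, "messages.php")
    return path if is_inside(LOCALE_ROOT, path) else None  # defence in depth
```

The containment check matters even with an allowlist in place, because it still holds if the allowlist is later loosened or bypassed.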

cPanel announces the release of cPanel 11

Thursday, May 3rd, 2007

On May 2nd, 2007, cPanel announced the release of cPanel 11 (it's still a beta version). They claim some new key features:

  • Security Center with comprehensive security tools
  • Substantial Back-end code upgrades
  • Apache 2.0.x and 2.2.x support
  • Increased interface speed
  • Web disks
  • Site Owner Interface Upgrade
  • Site Owner “Getting Started Wizard”
  • Upgraded branding and better language support
  • Easy Perl, PHP and Ruby module installers
    Here is a screenshot –
    [Image: cPanel 11]

    Details of cPanel 11 can be found at http://www.cpanel.net/cpanel11

    Thank You,
    Sachin J
    ThinkSupport Solutions

    2Checkout with a new look…

    Thursday, May 3rd, 2007

    I confirmed twice before logging in to 2checkout – I typed 2checkout.com and it took me to a new home page – I wondered if it was some phishing ;)

    Looks like it is just a new design for the home page with added community forums (the rest of the vendor login is the same).

    Thank You,
    Sachin J.
    ThinkSupport Solutions

    Nagios Installation and Configuration

    Thursday, May 3rd, 2007

    You can use the following steps to install and configure Nagios.

    Create the base directory where you would like to install Nagios.
    mkdir /usr/local/nagios

    Add a new user (and group) to your system.
    adduser nagios

    Download Nagios 1.0.
    wget http://internap.dl.sourceforge.net/sourceforge/nagios/nagios-1.0.tar.gz
    tar -zxvf nagios-1.0.tar.gz
    cd nagios-1.0

    Run the configure script.
    ./configure --prefix=/usr/local/nagios --with-cgiurl=/nagios/cgi-bin \
        --with-htmurl=/nagios/ --with-nagios-user=nagios --with-nagios-grp=nagios

    Compile Nagios and the CGIs.
    make all

    Install the binaries and HTML files (documentation and main web page).
    make install

    Install the sample init script to /etc/rc.d/init.d/nagios.
    make install-init

    Installing the Plugins
    ——————————-

    In order for Nagios to be of any use to you, you’re going to have to download
    and install some plugins. Plugins are scripts or binaries which perform all
    the service and host checks that constitute monitoring.

    Download and install the Nagios Plugins.
    wget http://aleron.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.3.1-1.9.i386.rpm
    rpm -ivh nagios-plugins-1.3.1-1.9.i386.rpm

    Configuring Nagios
    —————————

    Nagios is compiled and installed. Now we have to configure it or in other
    words define objects (hosts, services, etc.) that should be monitored.

    The main configuration file (/usr/local/nagios/etc/nagios.cfg) contains a
    number of directives that affect how Nagios operates. This config file is
    read by both the Nagios process and the CGIs. This is a sample nagios.cfg:

    —————————————————————————————————————–
    log_file=/usr/local/nagios/var/nagios.log
    cfg_file=/usr/local/nagios/etc/checkcommands.cfg
    cfg_file=/usr/local/nagios/etc/misccommands.cfg
    cfg_file=/usr/local/nagios/etc/contactgroups.cfg
    cfg_file=/usr/local/nagios/etc/contacts.cfg
    cfg_file=/usr/local/nagios/etc/dependencies.cfg
    cfg_file=/usr/local/nagios/etc/escalations.cfg
    cfg_file=/usr/local/nagios/etc/hostgroups.cfg
    cfg_file=/usr/local/nagios/etc/hosts.cfg
    cfg_file=/usr/local/nagios/etc/services.cfg
    cfg_file=/usr/local/nagios/etc/timeperiods.cfg
    resource_file=/usr/local/nagios/etc/resource.cfg
    status_file=/usr/local/nagios/var/status.log
    nagios_user=nagios
    nagios_group=nagios
    check_external_commands=1
    command_check_interval=45s
    command_file=/usr/local/nagios/rw/nagios.cmd
    comment_file=/usr/local/nagios/var/comment.log
    downtime_file=/usr/local/nagios/var/downtime.log
    lock_file=/usr/local/nagios/var/nagios.lock
    temp_file=/usr/local/nagios/var/nagios.tmp
    log_rotation_method=d
    log_archive_path=/usr/local/nagios/archives
    use_syslog=0
    log_notifications=1
    log_service_retries=1
    log_event_handlers=1
    log_initial_states=1
    log_external_commands=1
    log_passive_service_checks=1
    inter_check_delay_method=s
    service_interleave_factor=s
    max_concurrent_checks=0
    service_reaper_frequency=1
    sleep_time=1
    service_check_timeout=30
    host_check_timeout=30
    event_handler_timeout=30
    notification_timeout=30
    ocsp_timeout=5
    perfdata_timeout=5
    retain_state_information=1
    state_retention_file=/usr/local/nagios/var/status.sav
    retention_update_interval=60
    use_retained_program_state=0
    interval_length=20
    use_agressive_host_checking=0
    execute_service_checks=1
    accept_passive_service_checks=1
    enable_notifications=1
    enable_event_handlers=1
    process_performance_data=0
    obsess_over_services=0
    check_for_orphaned_services=0
    check_service_freshness=1
    freshness_check_interval=60
    aggregate_status_updates=1
    status_update_interval=15
    enable_flap_detection=1
    low_service_flap_threshold=5.0
    high_service_flap_threshold=20.0
    low_host_flap_threshold=5.0
    high_host_flap_threshold=20.0
    date_format=us
    illegal_object_name_chars=`~!$%^&*|'"<>?,()=
    illegal_macro_output_chars=`~$&|'"<>
    admin_email=you@yourdomain.com
    admin_pager=you@yourdomain.com
    ——————————————————————————————

    Add the list of servers that you want to monitor in
    /usr/local/nagios/etc/hosts.cfg

    ——————————————————————————————
    # 'server42' host definition
    define host{
        use                     generic-host
        host_name               (server hostname)
        alias                   (hostname)
        address                 IP Address
        check_command           check-host-alive
        max_check_attempts      10
        notification_interval   120
        notification_period     24x7
        notification_options    d,u,r
    }
    # 'server43' ...

    ——————————————————————————————

    Edit /usr/local/nagios/etc/hostgroups.cfg to add all the servers.

    ——————————————————————————————
    define hostgroup{
        hostgroup_name  tchosting
        alias           TotalChoice
        contact_groups  tchosting
        members         server40,server41,server42
    }
    —————————————————————————————–

    To setup email and pager notifications edit
    /usr/local/nagios/etc/contacts.cfg to add your contact info.

    —————————————————————————————–
    define contact{
        contact_name                    Ninad
        alias                           ninad
        service_notification_period     24x7
        host_notification_period        24x7
        service_notification_options    n
        host_notification_options       d,u,r
        service_notification_commands   notify-by-email
        host_notification_commands      host-notify-by-email
        email                           ninad@thinksupport.net
    }
    —————————————————————————————–

    The contact name must be a member of a contact group. Edit
    /usr/local/nagios/etc/contactgroups.cfg to add your name.

    Enjoy

    Ninad
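
A cross-reference check for the hosts.cfg, hostgroups.cfg, contacts.cfg and contactgroups.cfg definitions described in the post above, so that a monitored host or a contact is not silently left without notifications. This is an added example, not part of the original post or of Nagios; the sample definitions are constructed, and the check assumes object names must match exactly, including case.

```python
import re
# Constructed sample in the object syntax shown above (not a real site config).
SAMPLE = """
define host{
    host_name server42
}
define hostgroup{
    hostgroup_name tchosting
    contact_groups tchosting
    members        server40,server42
}
define contact{
    contact_name Ninad
}
define contactgroup{
    contactgroup_name tchosting
    members           ninad
}
"""

def parse_objects(text):
    """Return [(object_type, {directive: value}), ...] for each define block."""
    objects = []
    for kind, body in re.findall(r"define\s+(\w+)\s*\{(.*?)\}", text, re.S):
        attrs = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if parts and not parts[0].startswith("#"):
                attrs[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        objects.append((kind, attrs))
    return objects

def split_list(attrs, key):
    return [v.strip() for v in attrs.get(key, "").split(",") if v.strip()]

def lint(text):
    """List dangling references; names are compared exactly as written."""
    objs = parse_objects(text)
    defined = lambda kind: {a[kind + "_name"] for k, a in objs if k == kind and kind + "_name" in a}
    hosts, contacts, cgroups = (defined(k) for k in ("host", "contact", "contactgroup"))
    grouped = {m for k, a in objs if k == "contactgroup" for m in split_list(a, "members")}
    out = []
    for kind, a in objs:
        if kind == "hostgroup":
            out += [f"unknown host {m}" for m in split_list(a, "members") if m not in hosts]
            out += [f"unknown contactgroup {g}" for g in split_list(a, "contact_groups") if g not in cgroups]
    out += [f"unknown contact {m}" for m in sorted(grouped - contacts)]
    out += [f"contact {c} is in no contactgroup" for c in sorted(contacts - grouped)]
    return out
```

To check a real installation, concatenate the contents of the four object files and pass the result to `lint()`.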

    Enabling FP extensions for an addon domain

    Thursday, May 3rd, 2007

    HowTo enable FP extensions for an addon domain
    ——————————————————————-
    A) We won’t be able to install FP extensions on an addon domain, basically for
    two reasons.

    1) There won’t be a ServerName entry for the addon domain in the Apache config file, and hence the install program will show an error like: the “domain” is not a valid virtual server.

    2) The FrontPage extension install program won’t install extensions in a directory which comes under another domain’s web root that has FP extensions already installed.

    To overcome these hurdles you can do the following.

    1) Comment out the existing ServerName entry for the subdomain.

    2) Create a new ServerName entry for <www.addondomain> in the corresponding subdomain’s VirtualHost entry.

    3) Create a temporary folder in the document root of the main domain and MOVE all .htaccess* and _* files from public_html into the new directory.

    4) Remove the _* and .htaccess files (created by FP) from the addon domain’s folder.

    5) Verify the access.conf file in the Apache config directory and ensure that the AllowOverride directive is set to ‘All’. Sometimes this will not be enough for us to continue; hence, you have to make sure that AllowOverride is set to ‘All’ (by default it will be ‘None’) in the Apache config file.
    Change only the directive inside the <Directory "/usr/local/apache/htdocs"> entry.

    6) Restart Apache and run the install program from back end.

    #/usr/local/frontpage/version5.0/bin/owsadm.exe -o install -u $USERNAME -xuser $USERNAME -xgroup $USERNAME -p 80 -m $DOMAIN -pw $PASSWORD -s /usr/local/apache/conf/httpd.conf
    where
    $USERNAME give control panel login name
    $DOMAIN give addon domain use www.addon.com
    $PASSWORD choose a password

    7) Restore the changes you made in the Apache config file.

    8) Move the .htaccess* and _* files from the backup directory (main domain web root).

    If you are still having problems with connecting to the server using FrontPage, please make sure that the server name is http://www.addondomainname and you may also want to close the FP program and start again to clear the cache.

    Enjoy

    Ninad

    Call a WebService with ASP.Net Ajax

    Wednesday, May 2nd, 2007

    This will be my first post about ASP.Net Ajax. In this post I’m going to show you a very simple example where I will call a Web Service from a Web Form without reloading the page.
    When we use ASP.Net Ajax on our pages we need to add the <atlas:ScriptManager> element. The ScriptManager will automatically add the references to the required JavaScript files that provide Atlas functionality, so it’s required on every page where we use the ASP.Net Ajax features.
    When we want to add a reference to our WebService we use the Services child element of the ScriptManager:

    <atlas:ScriptManager runat="server" ID="scriptManager">
        <Services>
            <atlas:ServiceReference Path="~/MyWebService.asmx" />
        </Services>
    </atlas:ScriptManager>

    The code above will add a reference to “MyWebService.asmx”.
    Let’s take a look at the MyWebService:

    using System;
    using System.Web;
    using System.Collections;
    using System.Web.Services;
    using System.Web.Services.Protocols;

    [WebService(Namespace = "http://tempuri.org/")]
    [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
    public class MyWebService : System.Web.Services.WebService
    {
        public MyWebService()
        {
        }

        // Echoes the supplied value back to the caller.
        [WebMethod]
        public string MyMethod(string value)
        {
            return value;
        }
    }

    As you can see in the code above, it’s a simple Web Service with the method MyMethod. MyMethod will return the value passed as an argument.

    When we have added a reference to our WebService we can simply call it from client-side script by using the name of the WebService as the object:

    function CallMyWebService()
    {
        MyWebService.MyMethod("My Value", OnRequestComplete);
    }

    When we call a WebService we need to specify a client-side method that will be called when our Web Service is done with the execution. The OnRequestComplete (you can change the name if you like) is required because the call to the web Service is asynchronous, and we need to specify a method that should be called on the client-side to notify the client when the execution is done.

    function OnRequestComplete(result)
    {
        alert(result);
    }

    More than this is not needed to call a WebService with ASP.Net Ajax. Here is the code of the WebForm that will call our WebService:
    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default2.aspx.cs" Inherits="Default2" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Untitled Page</title>

        <script language="javascript" type="text/javascript">
            function CallMyWebService()
            {
                MyWebService.MyMethod("Value by Sachin", OnRequestComplete);
            }

            function OnRequestComplete(result)
            {
                alert(result);
            }
        </script>
    </head>
    <body>
        <form id="form1" runat="server">
            <div>
                <atlas:ScriptManager ID="scriptManger1" runat="server">
                    <Services>
                        <atlas:ServiceReference Path="~/MyWebService.asmx" />
                    </Services>
                </atlas:ScriptManager>
                <input type="button" onclick="CallMyWebService();" id="myButton" value="Call MyWebService"/>
            </div>
        </form>
    </body>
    </html>

    Regards,
    Sachin D

    Create my own error and parked pages?

    Tuesday, May 1st, 2007

    To make your own error pages, download our templates that are initially placed in the root of the /public_html/ directory.

    400.shtml
    401.shtml
    403.shtml
    404.shtml
    500.shtml
    509.shtml

    These are the files that you will need to edit. Simply FTP these down to your home computer and then edit them with a HTML editor.

    The variables that you can insert can be found in the above documents and also in the control panel. If you look in the custom error page section, you can view the codes.

    Once edited, place them in the /cpanel3-skel/public_html/ directory. You can also include a holding page (call it index.html) like the one we use.
    When you then create an account with Web host manager it will automatically put these files into the newly created accounts directory.

    Find out what messages are waiting for delivery?

    Tuesday, May 1st, 2007

    To list the number of messages, use:

    exim -bpc

    To list all the messages in the queue, use:

    exim -bp

    To get a summary of all the messages waiting for delivery, use:

    exim -bp | exiqsumm -c

    This will produce a summary of all messages, listed in order of quantity to each destination (domain).

    DNS Propagation.

    Tuesday, May 1st, 2007

    Merriam-Webster defines propagation as:

    the act or action of propagating : as a : increase (as of a kind of organism) in numbers b : the spreading of something (as a belief) abroad or into new regions c : enlargement or extension (as of a crack) in a solid body

    For our purposes, definition B is most appropriate. Quite literally, propagation is the time during which your DNS Zone information is spread abroad to servers that didn’t know about it before.

    Why does it take so long? There are various reasons, but some studies have suggested that there are literally millions of DNS Servers that need to be notified of the new information!

    Propagation takes two forms: changes to your DNS Zone and changes to your WHOIS information. The WHOIS is the master record that tells every DNS Server in the world which is the authoritative server for your domain. A change to your WHOIS information (done by your domain registrar) can take up to 72 hours to propagate fully. A change to your DNS Zone information typically affects only a handful of servers, and so is done much more quickly.

    What is my mail server name for POP3, IMAP and SMTP?

    Tuesday, May 1st, 2007

    Your mail server host name for all mail services is:
    mail.[your domain name.tld]
    Where ‘[your domain name.tld]’ is replaced by the actual domain name you host with us.