Terminated account and dedicated IP does not show as available – how to return an available dedicated IP to the pool in WHM

If you’ve terminated an account to get back a dedicated IP does not show as available – how to return an available dedicated IP to the pool in WHM

In terminal:

Then rebuild the IP address pool in WHM and you should see the free dedicated IP available.

WHM remove dedicated IP from websites so you can share the IP

If the IP is already dedicated to a domain/account you will have to first SSH to the server.

Then you want to edit the file /etc/domainips
Remove/delete the line that contains the IP and its current dedicated domain and save.

Next edit the file /var/cpanel/mainips/root
Add the IP you would like to share to a new line and save

At this point you should be able to go into WHM and assign the IP to multiple accounts.

Email SRS support for Cpanel and Exim

Built-in SRS support under Advanced Exim Configuration Editor in WHM.

For nearly a year I’ve had SRS enabled on the cPanel servers I maintain. Of course, when Exim gets updated I have to redo the configuration.

But it only takes adding seven lines of code to Exim, and I have never had a single problem with forwarded emails not being delivered / being rejected since implementation. I really can’t think of any good reason why SRS support is not available in cPanel at this point.

A search engine search for “cpanel SRS support” will yield instructions for manually activating SRS within Exim on a cPanel server.


Suggested file permissions for wordpress on an apache server

Please reference this URL for your WordPress sites: https://codex.wordpress.org/Changing_File_Permissions

See section “Shared Hosting with suexec”

In such an suexec configuration, the correct permissions scheme is simple to understand.

• All files should be owned by the actual user’s account, not the user account used for the httpd process.
• Group ownership is irrelevant, unless there’s specific group requirements for the web-server process permissions checking. This is not usually the case.
All directories should be 755 or 750.
• All files should be 644 or 640. Exception: wp-config.php should be 440 or 400 to prevent other users on the server from reading it.
• No directories should ever be given 777, even upload directories. Since the php process is running as the owner of the files, it gets the owners permissions and can write to even a 755 directory.

chmod directories recursively – change permissions on folders and files for tight security on wordpress

find /home/username/public_html -type d -exec chmod 750 {} \;

To chmod files recursively using find:
find /home/username/public_html -type f -exec chmod 640 {} \;
(for higher security on wordpress)

Apache fasstcgi mods

I run suExec so each account will run as the owner of the account.

Fastcgi mods added to the Apache post_virtualhost_global.conf (WHM>Service Configuration>Apache Configuration>Post VirtualHost Include>All Versions)

<IfModule fcgid_module>
FcgidMaxRequestLen 52428800

<IfModule mod_fcgid.c>
FcgidMaxProcesses 150
FcgidMaxProcessesPerClass 100
FcgidIOTimeout 300
FcgidMinProcessesPerClass 1
FcgidIdleTimeout 300
FcgidIdleScanInterval 120
FcgidBusyTimeout 300
FcgidBusyScanInterval 120
FcgidErrorScanInterval 10
FcgidZombieScanInterval 3
FcgidProcessLifeTime 3600

Fix Heartbleed bug by quick update for openSSL on apache

yum update openssl* -y
This will update openSSL to the newest version for apache on CentOS

To check your server to see if it’s vulnerable to the Heartbleed bug: https://www.ssllabs.com/ssltest/

chown all files on a website to change owner

chown -v -R registration:registration public_html

The first part registration: is the group the second part :registration is the owner

-v is verbose

-R is recursive

So this will change the group and owner of every file and folder nested inside public_html

Locked out of my own firewall

CSF is the first culprit if you are locked out of your own server firewall after too many failed login attempts from a certain IP.

The block was in your firewall, not cpHulk.
The IP was listed in /etc/csf/csf.deny and /var/lib/csf/csf.tempip and /var/lib/csf/csf.tempban
You can whitelist the IP in your firewall by placing the IP in /etc/csf/csf.allow, then running csf -r

Next you can place your external IP in the whitelist of cPHulk:

WHM > Security Center > cPHulk brute force protection > White/Black list > Quick Add your current external IP to: White List (Trusted IP List)

To find your external IP:


Easy update Ioncube loader

For Apache server running CentOs:

yum update ioncube
ioncube -v
php -v
/scripts/phpextensionmgr install IonCubeLoader
php -v