Technical Support
Technical support is available from any of the options below. All support requests must be made in English. You must be logged into our client area to open a ticket with the support, billing, and licensing departments.
The current local date and time is Monday - 2023-06-05 16:41 MDT.
Knowledgebase
Self help questions and answers for product support, including pre-sales questions.
Documentation
View our product manuals, changelog information, and support documentation.
Support Tickets
We are here to help, 24 hours a day, 7 days a week. Priority support is available Mon-Fri 8:00 to 17:00 MST.
Downloads
Login to our client area to access your product downloads.
Installation Instructions
Learn how to install the product.
Getting Started
Learn how to configure the product.
Troubleshooting
Having problems? Learn how to diagnose and debug issues.
Knowledgebase
Self help questions and answers for product support, including pre-sales questions.
How to test SpamAssassin
To test the spam filter, it is necessary to send a Gtube test spam email using the command below (Replacing emailonserver@example.com with a real email account on the server). If the Anti-spam is working correctly you will see it listed in the maillog and in Warden log under Warden -> Logs -> Message Log. While testing, note that Gtube test email gives +1000 scores to spam. So, even if a mailbox is in the whitelist, mail still be detected as spam because whitelisted email gets -100 scores.
Disable Greylisting:
If greylisting is enabled then you must disable it on the recipient domain before running these tests.
/usr/local/psa/bin/grey_listing --update-domain example.com -status off
Centos/RHEL/CloudLinux/AlmaLinux:
echo "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X" | mail -S smtp=localhost -r sender@test.com -s "Spam test example" emailonserver@example.com
Debian/Ubuntu:
apt-get install s-nail
echo "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X" | s-nail -S smtp=localhost -r sender@test.com -s "Spam test example" emailonserver@example.com
How to test ClamAV
To test the virus filter, it is necessary to download the eicar test virus email and send it using the command below (Replacing emailonserver@example.com with a real email account on the server). If the Anti-virus is working correctly you will see it get blocked and it will be listed in the maillog and in Warden -> Logs -> Message Log.
Disable Greylisting:
If greylisting is enabled then you must disable it on the recipient domain before running these tests.
/usr/local/psa/bin/grey_listing --update-domain example.com -status off
Centos/RHEL/CloudLinux/AlmaLinux:
wget http://www.eicar.org/download/eicar.com.txt
echo "TEST MESSAGE w/ ATTACHMENT" | mail -S smtp=localhost -r sender@test.com -s "A/V test example" -a eicar.com.txt emailonserver@example.com
Debian/Ubuntu:
apt-get install s-nail
wget http://www.eicar.org/download/eicar.com.txt
echo "TEST MESSAGE w/ ATTACHMENT" | s-nail -S smtp=localhost -r sender@test.com -s "A/V test example" -a eicar.com.txt emailonserver@example.com
View Full Article...
Check the Status of the ClamAV Daemon
You can check the ClamAV daemon status under the Anti-virus line in the Services dashboard widget. It should be green and Active. You can click on the Active or Inactive in the status column to get more information.
Check the Status of the ClamAV Daemon From the Command Line
AlmaLinux/Centos/RockyLinux/RHEL/CloudLinux
systemctl status clamd@scan
Debian/Ubuntu
systemctl status clamav-daemon
Checking the Current Configuration From the Command Line
You can view the current ClamAV configuration using the clamconf command:
clamconf
Viewing the ClamAV Daemon Logs
You can view the ClamAV deamon logs under Warden -> Logs -> Anti-virus Logs. To view the logs on the command line:
AlmaLinux/Centos/RockyLinux/RHEL/CloudLinux
tail -f /var/log/clamd.scan
Debian/Ubuntu
tail -f /var/log/clamav/clamav.log
Monitoring the ClamAV Daemon Memory and CPU Usage
Administrators can use the clamdtop command to monitor ClamAV daemon memory and CPU usage statistics from the command line:
RHEL/Almalinux/CloudLinux/RockyLinux
clamdtop --config-file=/etc/clamd.d/scan.conf
Debian/Ubuntu
clamdtop --config-file=/etc/clamav/clamd.conf
High Server Load / CPU Usage Problems
Normally high server load is caused by the clamscan binary when the ClamAV daemon is down. By default Amavis will fall back to the secondary clamscan binary when the ClamAV daemon is down or having problems. Note that the clamscan binary is NOT the same as clamd. Clamd is the highly efficient daemon version of ClamAV while clamscan is the inefficient non-demonized version. Clamscan is not suitable for scanning large amounts of mail because the ClamAV signatures have to be loaded into memory for every scan (This is what causes the high load on the server). Look below for how to disable the clamscan secondary fallback scanner if you don't want Amavis to fall back to it.
How to Disable the Clamscan Fallback Scanner
To disable the secondary fallback scanner go to Warden -> Settings -> Scanner Settings -> Scanner backup template -> set it to None. Then press the Update button to save the page.
ClamAV Memory Problems
The most common problem is not enough free memory for the ClamAV daemon. You can check the free memory of the server using the command: free -m:
# free -m
total used free shared buff/cache available
Mem: 64049 30895 15313 3113 17840 29387
Swap: 15259 4333 10926
If the server is running low on free memory sometimes the out of memory killer (OOM Killer) will kill the ClamAV daemon. We recommend a minimum of at least 4 GB of server memory (sometimes more depending on how many services you have running):
// AlmaLinux/Centos/RockyLinux/CloudLinux/RHEL
zgrep "Out of memory" /var/log/messages*
// Debian/Ubuntu
zgrep "Out of memory" /var/log/syslog*
Jun 19 19:35:21 el8p18 kernel: Out of memory: Killed process 1650121 (clamd) total-vm:3118856kB, anon-rss:2262988kB, file-rss:0kB, shmem-rss:0kB, UID:981 pgtables:5888kB oom_score_adj:0
Jun 19 20:30:33 el8p18 kernel: Out of memory: Killed process 1992340 (clamd) total-vm:3072516kB, anon-rss:1895824kB, file-rss:0kB, shmem-rss:0kB, UID:981 pgtables:5792kB oom_score_adj:0
Jun 19 21:22:52 el8p18 kernel: Out of memory: Killed process 2007089 (clamd) total-vm:3093760kB, anon-rss:1779240kB, file-rss:0kB, shmem-rss:0kB, UID:981 pgtables:5816kB oom_score_adj:0
Create a Swap File if your VM Doesn't Have One
Some times service providers create a virtual machine without any swap file. If your virtual machine doesn't have a swap file then you should create one. You can check if your VM has a swap file using the command:
# cat /proc/swaps
Filename Type Size Used Priority
/dev/dm-1 partition 2097148 735832 -2
Instructions for creating a swap file can be found here.
Disable the Out of Memory Killer for ClamAV
Edit the ClamAV service file:
// RHEL/CloudLinux/AlmaLinux/RockyLinux
systemctl edit --full clamd@scan
// Debian/Ubuntu
# systemctl edit --full clamav-daemon
Add the option OOMScoreAdjust=-1000 to the [Service] section:
Example (taken from Ubuntu 22.04):
[Unit]
Description=Clam AntiVirus userspace daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://docs.clamav.net/
# Check for database existence
ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}
[Service]
ExecStart=/usr/sbin/clamd --foreground=true
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
StandardOutput=syslog
TimeoutStartSec=420
OOMScoreAdjust=-1000
[Install]
WantedBy=multi-user.target
Restart ClamAV
// RHEL/CloudLinux/AlmaLinux/RockyLinux
systemctl restart clamd@scan
// Debian/Ubuntu
systemctl restart clamav-daemon
Disable Concurrent Database Reloads to Free Up Memory
If the option ConcurrentDatabaseReload in enabled in ClamAV then during a database reload clamd will load the new DB first and then drop the old one. This concurrent database reload strategy allows it to keep scanning files while loading the new database. The drawback is that it requires twice as much memory as during normal operations. As a result the clamd process can keep getting killed. For servers with under 8 GB of memory we recommend that you disable this option. You can disable this under Warden -> Settings -> Anti-virus Settings -> Concurrent database reload (make sure it is unchecked).
Adjusting How Much Memory Amavis Uses
Admins can adjust how much free memory Amavis uses by lowering the Max servers option under Warden -> Settings -> Content Filter -> Filter Settings. See here for more information.
View Full Article...
Reject log
In the Warden reject log you see the message: Service unavailable - try again later.
In the /var/log/maillog
Nov 6 02:57:42 el7p17 postfix/smtpd[18663]: 1934840B4BF3: milter-reject: DATA from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; from=<sender@example.com> to=<test@example.com> proto=SMTP helo=<localhost.localdomain>
Nov 6 02:57:44 el7p17 postfix/smtpd[18663]: A914C40B4BF3: milter-reject: DATA from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; from=<sender@example.com> to=<test@example.com> proto=SMTP helo=<localhost.localdomain>
This is normal behaviour when you have greylisting spam protection enabled. This option can be found under Tools & Settings -> Mail -> Spam Filter.
What is Greylisting?
Greylisting is a powerful Anti-Spam technology that is used to detect if the sending server of a message is RFC compliant. This is done through temporarily blocking unknown senders and caching details of the initial message. Since a majority of SPAM Servers or SPAMBots are not, large volumes of unwanted emails can potentially be filtered during SMTP transmission. Compliant Sending Mailservers, however, will resend the message after a short delay and it will be permitted.
How does Greylisting work?
When a message from an unknown sender arrives, it will be initially blocked by Greylisting. This block is in the form of a temporary 451 Error being returned to the Sending Server. This temporary error is considered by this server to be a "Delivery Delayed" notification and will resend the message after a period of time.
View Full Article...
ClamAV Problems
First check and see that the ClamAV daemon is running properly. See: How can I check the status of ClamAV and fix any problems?
Password Protected Archives
Amavis will prepend to Subject (for local recipients only) if mail could not be decoded or checked entirely, e.g. due to password-protected archives.
To Disable the UNCHECKED Header
To disable this on Centos/RHEL edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and add the line (before the last line 1;):
$undecipherable_subject_tag = undef;
After making the changes restart Amavis:
// Centos/RHEL/CloudLinux/AlmaLinux
systemctl restart amavisd
// Debian/Ubuntu
systemctl restart amavis
View Full Article...
As of ClamAV 0.103.2 the SafeBrowsing config option was deprecated. See here for more information. To fix the error edit the file freshclam.conf and comment out the SafeBrowsing line in the config file. You can use the command:
Centos/RHEL/Cloudlinux/AlmaLinux
sed -i -e "s/^SafeBrowsing /#SafeBrowsing /" /etc/freshclam.conf
Debian/Ubuntu
sed -i -e "s/^SafeBrowsing /#SafeBrowsing /" /etc/clamav/freshclam.conf
This has been fixed in Warden 2.08-1 and Sentinel 1-14-1 which was published to the Plesk extension directory.
View Full Article...
When trying to start Amavis you see this in the mail log:
Oct 02 03:20:15 condor3648 systemd[1]: Starting LSB: Starts amavisd-new mailfilter...
Oct 02 03:20:16 condor3648 amavis[1697]: starting. /usr/sbin/amavisd-new at condor3648.startdedicated.com amavisd-new-2.11.0 (20160426), Unicode aware, LC_ALL="C", LANG="en_US.UTF-8"
Oct 02 03:20:16 condor3648 amavis[1705]: (!)Net::Server: 2020/10/02-03:20:16 Can't connect to TCP port 10024 on ::1 [Cannot assign requested address]\n at line 64 in file /usr/share/perl5/Net/Server/Proto/TCP.pm
Oct 02 03:20:16 condor3648 amavis[1690]: Starting amavisd: amavisd-new.
Oct 02 03:20:16 condor3648 systemd[1]: Started LSB: Starts amavisd-new mailfilter.
To fix this edit the file /etc/amavisd/warden.conf on Centos/RHEL/Cloudlinux/AlmaLinux or /etc/amavis/conf.d/99-warden on Debian/Ubuntu and add the following line:
$inet_socket_bind = '127.0.0.1';
Now restart Amavis:
Centos/RHEL/CloudLinux/AlmaLinux
systemctl restart amavisd
Debian/Ubuntu
systemctl restart amavis
View Full Article...
Bad Header Destiny
By default mail with bad headers is quarantined for review but are still delivered to the users mailbox. If you would like to change this to discard or reject mail with bad headers you can change the setting under Warden -> Settings -> Filter Settings -> Final bad header destiny from pass to discard or reject.
To disable all bad header tests:
To disable all bad header tests on Centos/RHEL/CloudLinux/AlmaLinux edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and search for the @bypass_header_checks_maps option.
Change from:
@bypass_header_checks_maps = (\%bypass_header_checks, \@bypass_header_checks_acl, \$bypass_header_checks_re);
Change to:
@bypass_header_checks_maps = [1];
After making these changes restart Amavis:
// Centos/RHEL/CloudLinux/AlmaLinux
systemctl restart amavisd
// Debian/Ubuntu
systemctl restart amavis
To disable all bad header tests for a specific policy bank (outgoing email only):
Go to Warden -> Settings -> Policy Banks and set the Disable bad header filter to Yes for the policy you want to disable it on.
To disable specific bad header tests:
There is an $allowed_header_tests option by which you can define what should be looked up during the bad-header checks, and the list is as follows:
other catchall for everything else - normally not used
mime Bad MIME (sub)headers or bad MIME structure
8bit Invalid non-encoded 8-bit characters in header
control Invalid control characters in header (CR or NUL)
empty Folded header field made up entirely of whitespace
long Header line longer than RFC 2822 limit of 998 characters
syntax Header field syntax error missing Missing required header field
multiple Duplicate or multiple occurrence of a header field
To disable certain tests on Centos/RHEL/CloudLinux/AlmaLinux edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and search for the $allowed_header_tests option. Setting a test to 0 will disable that test:
$allowed_header_tests{'multiple'} = 0;
$allowed_header_tests{'missing'} = 0;
After making these changes restart Amavis:
// Centos/RHEL/CloudLinux/AlmaLinux
systemctl restart amavisd
// Debian/Ubuntu
systemctl restart amavis
View Full Article...
ClamAV refuses to start and when viewing the status you see ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} was not met. This error means that ClamAV wasn't able to download any anti-virus signatures.
# systemctl status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/clamav-daemon.service.d
└─extend.conf
Active: inactive (dead) since Thu 2021-09-09 04:02:59 MDT; 16min ago
Condition: start condition failed at Thu 2021-09-09 04:08:49 MDT; 11min ago
└─ ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} was not met
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Common Problems
Freshclam should only be run once per hour as ClamAV will rate limit you otherwise:
# /usr/bin/freshclam -d --foreground=true
Thu Sep 9 04:22:56 2021 -> ClamAV update process started at Thu Sep 9 04:22:56 2021
Thu Sep 9 04:22:57 2021 -> ^Can't download daily.cvd from https://database.clamav.net/daily.cvd
Thu Sep 9 04:22:57 2021 -> ^FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
Thu Sep 9 04:22:57 2021 -> This means that you have been rate limited by the CDN.
Thu Sep 9 04:22:57 2021 -> 1. Run FreshClam no more than once an hour to check for updates.
Thu Sep 9 04:22:57 2021 -> FreshClam should check DNS first to see if an update is needed.
Thu Sep 9 04:22:57 2021 -> 2. If you have more than 10 hosts on your network attempting to download,
Thu Sep 9 04:22:57 2021 -> it is recommended that you set up a private mirror on your network using
Thu Sep 9 04:22:57 2021 -> cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Thu Sep 9 04:22:57 2021 -> CDN and your own network.
Thu Sep 9 04:22:57 2021 -> 3. Please do not open a ticket asking for an exemption from the rate limit,
Thu Sep 9 04:22:57 2021 -> it will not be granted.
Thu Sep 9 04:22:57 2021 -> ^You are on cool-down until after: 2021-09-09 08:22:57
Thu Sep 9 04:22:57 2021 -> main database available for download (remote version: 61)
You can try to download them manually and check for any errors:
Centos/RHEL/CloudLinux/AlmaLinux
// first stop the freshclam service (Centos/RHEL/CloudLinux/AlmaLinux 8 only)
systemctl stop clamav-freshclam
// run the freshclam command to try to download the signatures and check for any errors
/usr/bin/freshclam -d --foreground=true
// start up the freshclam service (Centos/RHEL/CloudLinux/AlmaLinux 8 only)
systemctl start clamav-freshclam
// try to start clamav
systemctl restart clamd@scan
Debian/Ubuntu
// first stop the freshclam service
systemctl stop clamav-freshclam
// run the freshclam command to try to download the signatures and check for any errors
/usr/bin/freshclam -d --foreground=true
// start up the freshclam service
systemctl start clamav-freshclam
// try to start clamav
systemctl restart clamav-daemon
Manually Downloading Signatures
As a last resort you can manually download ClamAV signatures from us to get ClamAV started:
// Centos/RHEL/CloudLinux/AlmaLinux
cd /var/lib/clamav/
wget https://www.danami.com/hotfix/clamav/main.cvd
wget https://www.danami.com/hotfix/clamav/daily.cld
chown clamupdate:clamupdate main.cvd
chown clamupdate:clamupdate daily.cld
systemctl restart clamd@scan
// Debian/Ubuntu
cd /var/lib/clamav/
wget https://www.danami.com/hotfix/clamav/main.cvd
wget https://www.danami.com/hotfix/clamav/daily.cld
chown clamav:clamav main.cvd
chown clamav:clamav daily.cld
systemctl restart clamav-daemon
View Full Article...
Installation Instructions
Learn how to install the product.
Getting Started
Learn how to configure the product.
Troubleshooting
Having problems? Learn how to diagnose and debug issues.
Knowledgebase
Self help questions and answers for product support, including pre-sales questions.
This error means that your service provider is limiting the amount if iptables rules (numiptent) that your VPS is allowed to create. Your provider can easily raise this limit using the command below on the hardware note (it can't be run inside your VPS). If your provider refuses to raise this limit then it's time to look for a new service provider as they do not really care about your security.
vzctl set CID --numiptent 10000 --save
Users using Virtuozzo with a limit set will not be able to use the country or blocklists as they will usually put them over their limit.
Users can limit the amount of rules that Juggernaut will create by setting the deny permanently limit and deny temporarily limit under Juggernaut -> Settings -> General Settings. Juggernaut will rotate out older entries to stay under the limit set unless the entry is marked with "do not delete".
You can also try to limit the number of iptables rules used for country block lists under Juggernaut -> Settings -> Country Settings -> Ignore CIDR blocks smaller than (set it to something like /24). This will allow you to still block the majority of the country while ignoring the smaller networks.
Note
Virtuozzo 6 and below is not the ideal VPS because it does not support ipset for high performance firewall blocking. Most of the larger VPS providers like OVH, Digital Ocean, and Linode have long switched away from using Virtuozzo and now use KVM which fully supports ipset. Even Virtuozzo themselves have switched over to using KVM in Virtuozzo 7.
View Full Article...
Yes we support blocking attacks like these very easily. See below for more information:
How can I enable a custom login failure trigger for an application?
https://www.danami.com/clients/knowledgebase/174/How-can-I-enable-a-custom-login-failure-trigger-for-an-application.html
Login Failure Custom Triggers
https://docs.danami.com/juggernaut/user-guide/login-failure-custom-triggers
View Full Article...
Maxmind pulled public access to the GeoLite2 databases as of Dec 31/2019. You can read about the changes here:
https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/
For now you will have to register on the Maxmind site and setup a free license key:
Signup
https://www.maxmind.com/en/geolite2/signup
Create a free license key (When asked - Will this key be used for geoipupdate? Choose: no)
https://www.maxmind.com/en/accounts/current/license-key
Then in Juggernaut go to Settings -> Geolocation Settings -> enter the MaxMind license key option.
View Full Article...
You can disable and enable the firewall from the command line using the following commands:
To disable the firewall:
csf -x
To re-enable the firewall:
csf -e
To get the list of all command line options:
csf --help
View Full Article...
To get your free Maxmind license key
Signup for the free license key here: https://www.maxmind.com/en/geolite2/signup
Generate a license key here (When asked - Will this key be used for geoipupdate? Choose: no)
Navigate to your Extension -> Settings -> Panel Application -> Geolocation Settings and enter the license key under MaxMind license key. (It might take 30 minutes before MaxMind will recognize a newly created key).
Press the update button to save your settings.
View Full Article...
ConfigServer Security & Firewall (csf) currently supports using iptables interface so when upgrading to Debian 11, Ubuntu 20.04 LTS, or Ubuntu 22.04 LTS which uses nftables by default you must switch back to the iptables interface. Most of the newer OS support iptables-nft which provides a bridge to the nftables kernel API and infrastructure so using iptables isn't an issue.
Make sure that the iptables packages are installed:
# apt-get install iptables
There are two variants of the iptables command:
1. legacy: Often referred to as iptables-legacy.
2. nf_tables: Often referred to as iptables-nft.
The newer iptables-nft command provides a bridge to the nftables kernel API and infrastructure and is recommended if it is supported by your OS. You can find out which variant is in use by looking up the iptables version. For iptables-nft, the variant will be shown in parentheses after the version number, denoted as nf_tables:
# iptables -V
iptables v1.8.4 (nf_tables)
1. To view your alternatives for running iptables you can run the command: update-alternatives --config iptables
# update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).
Selection Path Priority Status
------------------------------------------------------------
* 0 /usr/sbin/iptables-nft 20 auto mode
1 /usr/sbin/iptables-legacy 10 manual mode
2 /usr/sbin/iptables-nft 20 manual mode
Press <enter> to keep the current choice[*], or type selection number:
2. Run the following commands to re-link any symbolic links:
ln -s /etc/alternatives/iptables /sbin/iptables 2>/dev/null
ln -s /etc/alternatives/iptables-save /sbin/iptables-save 2>/dev/null
ln -s /etc/alternatives/iptables-restore /sbin/iptables-restore 2>/dev/null
ln -s /etc/alternatives/ip6tables /sbin/ip6tables 2>/dev/null
ln -s /etc/alternatives/ip6tables-save /sbin/ip6tables-save 2>/dev/null
ln -s /etc/alternatives/ip6tables-restore /sbin/ip6tables-restore 2>/dev/null
3. Go to the Juggernaut Firewall -> Settings -> Binary Settings and press the default button at the bottom of the page to apply the correct iptables binary locations.
Now everything should be switched over to iptables and CSF should function correctly.
View Full Article...
Make sure that you have the rsyslog package installed and that it is enabled otherwise your log files will be empty. Some newer distributions might not install this package by default as they use journald logging by default.
Centos/AlmaLinux/RHEL
yum install rsyslog
systemctl enable rsyslog --now
Debian/Ubuntu
apt-get install rsyslog
systemctl enable rsyslog --now
View Full Article...
As Cloudflare is a reverse proxy, any attacking IP addresses (so far as iptables is concerned) come from the Cloudflare IP's. To counter this, an Apache module mod_cloudflare is available that obtains the true attackers IP from a custom HTTP header record (similar functionality is available for other HTTP daemons.
Restoring Original Visitor IP Addresses
Install the mod_cloudflare module. This will make sure that the users real IP address is reported correctly in the web server logs.
Centos/RHEL/CloudLinux
Plesk maintains their own mod_cloudflare pacakges so it should be a simple process to install.
// install the mod_cloudflare package
yum install mod_cloudflare
// restart apache
systemctl restart httpd
Debian/Ubuntu
Plesk does not maintain the mod_cloudflare module on Debian/Ubuntu so users must use install the repository provided by Cloudflare. See https://pkg.cloudflare.com/ for more information.
Add the Cloudflare Network Ranges To Ignore
Navigate to Juggernaut Firewall -> Ignore
Click the Advanced button and add the Cloudflare network ranges to ignore so the login failure daemon will never block them.
Click the Update button to save your settings.
Click the Restart button to restart the firewall and login failure daemon.
Enable Cloudflare Support
Navigate to Juggernaut Firewall -> Settings -> Other -> Cloudflare Settings
Check the Cloudflare firewall checkbox to enable Cloudflare support.
Click the Update button to save your settings.
Click the Restart button to restart the firewall and login failure daemon.
Add Your CloudFlare API Keys
Navigate to Juggernaut Firewall -> Settings -> Other -> Cloudflare Settings -> Cloudflare Users
Click the Add button on the grid to add any Cloudflare user API keys (CSF uses the older API keys not API tokens)
Click the Submit button to save your settings.
Click the Restart button on the grid to restart the firewall and login failure daemon.
Add the Cloudflare Actions Widget To The Dashboard
Navigate to Juggernaut Firewall -> Dashboard
Click the Add Widget button on the top right of the dashboard.
Click the Add Widget button below the Cloudflare Actions widget.
View Full Article...
Installation Instructions
Learn how to install the product.
Getting Started
Learn how to configure the product.
Troubleshooting
Having problems? Learn how to diagnose and debug issues.
Knowledgebase
Self help questions and answers for product support, including pre-sales questions.
1. Double check that the default_monitor_mode is set:
Edit /usr/local/maldetect/conf.maldet and find and set:
default_monitor_mode="users"
2. Some users may also need to increase their inotify file watch limit on their systems before the maldet monitoring daemon will start.
To view your current limit:
cat /proc/sys/fs/inotify/max_user_watches
To raise your limit:
echo fs.inotify.max_user_watches=1048576 > /etc/sysctl.d/sentinel.conf
sysctl -p /etc/sysctl.d/sentinel.conf
Start the service:
systemctl restart maldet
Check the logs for any errors:
tail -f /usr/local/maldetect/logs/event_log
Example error of when max_user_watches is too low:
Please increase the amount of inotify watches allowed per user via `/proc/sys/fs/inotify/max_user_watches'.
View Full Article...
As of ClamAV 0.103.2 the SafeBrowsing config option was deprecated. See here for more information. To fix the error edit the file freshclam.conf and comment out the SafeBrowsing line in the config file. You can use the command:
Centos/RHEL/Cloudlinux/AlmaLinux
sed -i -e "s/^SafeBrowsing /#SafeBrowsing /" /etc/freshclam.conf
Debian/Ubuntu
sed -i -e "s/^SafeBrowsing /#SafeBrowsing /" /etc/clamav/freshclam.conf
This has been fixed in Warden 2.08-1 and Sentinel 1-14-1 which was published to the Plesk extension directory.
View Full Article...
There is a bug in the Linux Malware Detect v1.6.4 daily cron script. You can fix the error by changing line 69 in /etc/cron.daily/maldet
From:
elif [ $cron_daily_scan == "1" ]; then
To:
elif [ "$cron_daily_scan" == "1" ]; then
View Full Article...
To get your free Maxmind license key
Signup for the free license key here: https://www.maxmind.com/en/geolite2/signup
Generate a license key here (When asked - Will this key be used for geoipupdate? Choose: no)
Navigate to your Extension -> Settings -> Panel Application -> Geolocation Settings and enter the license key under MaxMind license key. (It might take 30 minutes before MaxMind will recognize a newly created key).
Press the update button to save your settings.
View Full Article...
Warden requires that you use the ClamAV packages from the EPEL repository. In order to prevent the wrong packages from being installed you must add the line exclude=clam* to any conflicting repositories. For example if you have the imunify360 repo installed edit the file /etc/yum.repos.d/imunify360.repo. On CloudLinux servers the file to edit is: /etc/yum.repos.d/cloudlinux-imunify360.repo
Before:
[imunify360]
name=EL-7 - Imunify360
baseurl=https://repo.imunify360.cloudlinux.com/defense360//el/7/updates/x86_64/
username=defense360
password=nraW!F@$x4Xd6HHQ
enabled=1
gpgcheck=1
gpgkey=https://repo.imunify360.cloudlinux.com/defense360//RPM-GPG-KEY-CloudLinux
After (Add exclude=clam* to the first section):
[imunify360]
name=EL-7 - Imunify360
baseurl=https://repo.imunify360.cloudlinux.com/defense360//el/7/updates/x86_64/
username=defense360
password=nraW!F@$x4Xd6HHQ
enabled=1
gpgcheck=1
gpgkey=https://repo.imunify360.cloudlinux.com/defense360//RPM-GPG-KEY-CloudLinux
exclude=clam*
After this is done the extension installer will be able to complete successfully.
View Full Article...
To run a Malware Scan
Navigate to Sentinel Anti-malware -> Scan
Select the specific domains you want to scan or choose All domains to scan all of them.
Click the Scan button to start the scan.
After the scans are complete the scan report will be listed under the Reports tab.
To View a Scan Report
Navigate to Sentinel Anti-malware -> Reports
Click on a Scan ID entry in the grid for the report you want to view.
Any detected malware will be listed under the Malware Hits section.
To Perform an Action on the Malware hits
Click on the Actions tab for the scan report.
Choose an operation to perform from the select list (Quarantine, Restore, Clean, Email).
Press the Run button to perform the selected action.
View Full Article...
The admin and pro versions of our products are limited to the number of domains you can have in your Plesk panel. If you get this error then it means that you are going over your domain limit. To fix the error you can cancel your current license though our client area then order the 30 domain or unlimited domain licenses. After your order is approved you will get a new license key that you can enter in the license area of the product.
What domains are counted for a Danami license domain limit?
https://www.danami.com/clients/knowledgebase/93/What-domains-are-counted-for-a-Danami-license-domain-limit-.html
How do the admin and pro edition domain limits work?
https://www.danami.com/clients/knowledgebase/21/How-do-the-admin-and-pro-edition-domain-limits-work.html
How can I upgrade my license from the admin or host editions?
https://www.danami.com/clients/knowledgebase/23/How-can-I-upgrade-my-license-from-the-admin-or-host-editions.html
View Full Article...
You can change the interface language under Settings -> Application Settings -> Locale
We are looking for volunteers to fix any errors with the machine translations in our Plesk extensions for the following languages:
Español (Spain)
Français (France)
Português (Brazil)
Magyar (Hungary)
Русский (Russia)
Türkçe (Turkey)
Svenska (Sweden)
中文 (China)
中文 (Taiwan/Hong Kong)
日本語 (Japan)
Volunteers will get a free license for every Plesk extension that they help translate. The translator must be a native speaker of the language they are translating. The license will remain free as long as they want to remain the translator for that language. Open a support ticket though our client area if you are interested.
View Full Article...