Monthly Archives: March 2019

enable webp support in php GD library

If you are using DirectAdmin and want to enable WebP support (CentOS):
yum install libwebp-devel
vi /usr/local/directadmin/custombuild/custom/fpm/configure.php71
--with-webp-dir=/usr/lib64
./build php
If you have PHP 5.6, use --with-vpx-dir instead.

php -r 'var_dump(gd_info());'
array(12) {
  ["GD Version"]=>
  string(26) "bundled (2.1.0 compatible)"
  ["FreeType Support"]=>
  bool(true)
  ["FreeType Linkage"]=>
  string(13) "with freetype"
  ["GIF Read Support"]=>
  bool(true)
  ["GIF Create Support"]=>
  bool(true)
  ["JPEG Support"]=>
  bool(true)
  ["PNG Support"]=>
  bool(true)
  ["WBMP Support"]=>
  bool(true)
  ["XPM Support"]=>
  bool(false)
  ["XBM Support"]=>
  bool(true)
  ["WebP Support"]=>
  bool(true)
  ["JIS-mapped Japanese Font Support"]=>
  bool(false)
}

Unix.Trojan.DDoS_XOR-1 FOUND removal

If you find a process running from a path like /usr/bin/sywhksydor, or another strange random name:

Check /etc/crontab and remove this entry:
*/3 * * * * root /etc/cron.hourly/gcc.sh

Then remove it from init.d:
find /etc/ -name "*sywhksydor*" | xargs rm -fv

Check that no other files were created around the same time:
find /etc -mtime -3 -type f -print

Remove the cron files in /etc/cron.hourly:
gcc.sh
wqcpplwrlsfby.sh

Remove the /lib/libudev.so file.

This should be enough, but you need to keep monitoring the server and find the cause of the issue. In my case it was Magento.
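
The checks from this post, collected into a read-only triage function. This is an added example, not the author's script: the ROOT and NAME arguments, the function names and the output labels are assumptions of this example, as is ignoring a symlinked /lib/libudev.so. It only reports what it finds; removal stays a manual step.

```shell
#!/bin/sh
# Read-only triage for the artifacts listed in this post (added example).
# usage: xorddos_indicators ROOT [NAME]
#   ROOT  filesystem prefix to inspect ("/" on a live host, or a mounted image)
#   NAME  the random binary name seen running, e.g. sywhksydor (optional)
xorddos_indicators() {
    root="${1%/}"; name="${2:-}"

    # crontab entry that runs a script out of cron.hourly every N minutes
    if [ -r "$root/etc/crontab" ]; then
        grep -E '^\*/[0-9]+[[:space:]]+\*[[:space:]]+\*[[:space:]]+\*[[:space:]]+\*[[:space:]]+root[[:space:]]+/etc/cron\.hourly/' \
            "$root/etc/crontab" | sed 's/^/CRONTAB /'
    fi

    # the cron.hourly script the post names
    [ -f "$root/etc/cron.hourly/gcc.sh" ] && echo "CRONFILE /etc/cron.hourly/gcc.sh"

    # /lib/libudev.so as a regular file; skipping symlinks is this example's
    # assumption, since a development package can legitimately ship one
    f="$root/lib/libudev.so"
    [ -f "$f" ] && [ ! -L "$f" ] && echo "LIBFILE /lib/libudev.so"

    # init scripts and rc links named after the running binary
    if [ -n "$name" ] && [ -d "$root/etc" ]; then
        find "$root/etc" -name "*$name*" 2>/dev/null | sed "s|^$root|INIT |"
    fi
    return 0
}

# number of findings, usable as a monitoring metric (0 means nothing matched)
xorddos_count() {
    xorddos_indicators "$@" | grep -c . || true
}

# run directly:  sh check.sh / sywhksydor
if [ "$#" -gt 0 ]; then
    xorddos_indicators "$@"
fi
```

Running it from cron after cleanup and alerting on a non-zero count covers the "keep monitoring" step.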

no matching cipher found: client arcfour server

Control socket connect: Connection refused

sshd -T | grep "\(ciphers\)"
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc

arcfour is disabled on CentOS 7 because it is weak, but you can enable it to speed up rsync or rsnapshot:
vi /etc/ssh/sshd_config
Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc,arcfour,arcfour128,arcfour256

Policy server HTTP error: 500 Internal Error Temporary internal error: retry timeout exceeded

dovecot: auth: Error: policy(?,xx.xx.xx.xx): Policy server HTTP error: Connection lost: read(127.0.0.1:579) failed: EOF (Request queued 2.784 secs ago, 1 attempts in 2.784 secs, 2.784 in other ioloops, connected 21.780 secs ago)

This error is caused by cPanel's cPHulkd, so you can temporarily disable it while investigating.

Then check for errors in:
/usr/local/cpanel/logs/cphulkd_errors.log
/usr/local/cpanel/logs/cphulkd.log

LMTP error after RCPT TO – Temporary internal error: retry timeout exceeded

LMTP error after RCPT TO:
451 4.3.0 Temporary internal error: retry timeout exceeded

dovecot: lmtp(5768): Error: fchown(/home/user/mail/domain.com/info/maildirsizesrv.domain.com.5768.87dedd4b02379106, group=12(mail)) failed: Operation not permitted (egid=507(user), group based on /home/user/mail/domain.com/info – see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)
lmtp(6918): Error: safe_mkstemp(/home/user/mail/domain.tld/info/maildirsize) failed: Operation not permitted

It's a cPanel issue, so you can try updating the info@xxx.tld mailbox quota to a new value under Allocated Storage Space.