Edit your .htaccess file in the public_html folder on your website having the issue.

At the very top of the file put in the following
SetEnv PHPRC /home/username/public_html/ <- replace the address with the base address of where you are intending to put the php.ini file we are creating next. Save the file.

Create a new file in the location you assigned in the last step called php.ini ensure it has secure permissions. Please the following text in the php.ini file and save it.

memory_limit = 64M ; Maximum amount of memory a script may consume (64MB)

And that should have your issue resolved!

Questions in the comments, Cheers!

On the console/shell of the server enter the following command to check it ImageMagick is installed
#  /scripts/checkimagemagick

The output if installed will be “ok”

If it is not installed, type in the following
# /scripts/installimagemagick

This will take a little while to install depending on server speed and internet speed. Once completed it will say “ImageMagick installed ok” Then we can check the version to ensure it is installed correctly using the following command
# /usr/bin/convert –version

The output should have the ImageMagick Version details and Copyright details.

Now How to install Imagick on CPanel using WHM PECL Module install.

Go to WHM -> Software -> Module Installers ->PHP PECL Manage

Type in imagick in the Install a PHP Pecl and click Install.

Job Done!

Hope That helps. Any questions please put them in the comments.

This is based on CSF (Config Server Firewall) which comes highly recommended by myself and will be included in my CPanel install How-to doco’s that I’ll be releasing when I get time to finish them! .

1. Head to CSF Firewall Configuration and find the options starting from PT_USERPROC. see images below.
   
   
2. Change the settings in the below fields to your desired levels, take a moment to read the descriptions as the ones I have recommended here might not be viable for your setup.

PT_USERPROC = 20
PT_USERMEM = 300
PT_USERTIME = 900
PT_USERKILL = 1
PT_USERKILL_ALERT = 1

Basically this is saying that any process under a specific user runnning for more than 900 seconds will trigger the user process kill and stop all processes under that user. It will also separately trigger the process kill for ALL processes under the specific user should that users TOTAL memory usage be over 300MB. The PT_USERKILL value sets where the process’s are killed or not, and the PT_USERKILL_ALERT value says whether you are emailed an informational alert stating what was done and why. This is valuable information and should always be on! Information is king!

Hope this helped some of you with process/memory issues on your servers. And again, take time to understand what each function does, CSF is a powerful tool! Questions in the comments! Cheers

Which brings me to this post, a helpful method of speeding up those sluggish ecommerce or heavily content driven sites is by utilizing Gzip, which is available in Apache version 2.x and up. Gzip will compress the content on the server delivering a much smaller file size to the browser where it is uncompressed and served as per normal, this reduces bandwidth and in most cases drastically reduces the viewing time of your websites. The only downside is there will be some increase in CPU load on the server side and also a slight increase in the browsers load as it decompresses the content, this is minimal and I haven’t yet seen any negative effects.

Basically in order for Gzip to work Apache 2.x needs to be compiled with mod_deflate so the first step, if it isn’t already enabled, is to enable mod_deflated and recompile your apache.

1. Using EasyApache in WHM we rebuild with mod_deflate enabled
   I won’t go through the initial steps in detail, once clicked into the Easy Apache area  ensure the Previously Saved Config (**DEFAULT**) is selected and click start customizing based on profile leave the next screen on its default which should be the current apache version (remember needs to be 2.x to support mod_deflated) choose NEXT leave the PHP Major version the same and click NEXT, leave PHP minor version the same and click NEXT, leave Short Options List the same and click Exhaustive Options List, Here we will check the box that says Deflated. See image right. Then select save and build note that this can take a long time depending on the servers performance, etc. Once its done, apply it and thats it Deflate is now compiled into Apache.
   
2. With mod_deflate enabled we can turn on Gzip on a per account basis.
   In CPanel under the specific accounts you can enable Gzip via the Optimize Website page! See image below.
   
   Once in the Optimize Website menu you can choose from a few options as shown below. I’ll leave that up to you, its relativelt self explanitory. If you want to check your site to see if it is being gzipped you can use  this little tool http://www.gidnetwork.com/tools/gzip-test.php which is pretty helpful, or google gzip test as there is a whole bunch of them out there.
   

Hope this helped give you an idea of how to enable Gzip in CPanel! Questions in the comments, happy fast browsing

1. Open Exim configuration from within WHM
   Open up a WHM connection to your CPanel server and head to Service Configuration >> Exim Configuration Editor then click on Advanced Editor.
I will take this moment to make a note:- if you are running a CPanel server you MUST use the WHM editor Exim Configuration Editor, I learnt the hard way before I even knew you could edit this option in WHM by editing exim.conf on a CPanel server that it will definitely be overwritten at some stage by an update! However these changes also apply to a non CPanel server that uses Exim by applying the same changes to /etc/exim.conf. See image below.



2. Find and edit the Routers Configuration
   Find the editable section below ROUTERS CONFIGURATION it looks something like this.
   Just below the section that says demo accounts are not permitted to relay email is where we are going to add our relay hosts. And below is a demo of a very basic send connector.

   domain1send:
   driver = manualroute
   transport = remote_smtp
   route_list = domain1.com smtp2.anotherserver.com

   This one here basically would take anything sent to a @domain1.com address and send it out via smtp2.anotherserver.com.

3. Save your changes and restart Exim
   Save the changes you have made by clicking save at the bottom of the page, then go to Restart Services >> Mail Server (Exim) then click yes. And test away.

This is a fairly basic setup and is intended to be used in a server that “sends to the world” directly already. IE this is for those domains that become a problem or in your environment may need to be routed differently than what the DNS resolve for that address might come up with.

Any questions, leave them in the comments!

1. Restrict SSH to Protocol 2 & Restrict the Port to a non standard port.

to do this simply log into the console of the server as the root user and use your favourite editor to modify the sshd configuration file like so.

pico /etc/ssh/sshd_config

Find the line that reads Protocol 2,1 and the line that reads Port. Below is an example of a modified configuration. Port 22444 is the new ssh port and the #Protocol 2,1 is removing that line from the config and the line below it is restricting the Protocol to 2 only.

Port 22444

#Protocol 2,1

Protocol 2

2. Restrict Source Hosts from within CPanel.
   From within your WHM head to Security Center >> Host Access Control.
   Here we can add in some rules to control who can access sshd. View the image below you can see how I have added access to Office and Head Office with two rules (Access List is internal ranges in this case, would normally be a single external source, IE 123.211.123.211) & the third rule is to deny ALL others, the final deny rule must be the last of the sshd rules.
   
   
3. Restart SSHD service.
   From console/terminal or WHM restart the sshd service. type service sshd restart in console/terminal or go to Restart Services >> SSH Server (OpenSSH) from within WHM and hit YES.

NOTES: I am using OpenSSH in this example. If you have any third party firewall’s in place you will need to punch a hole in those with the different port as well. Also as I recommend you run a firewall on your CPanel box you will also need to configure that. I recommend Config Server Firewall as an addon/pluggin for CPanel and will have an install and configuration writeup on that at some stage soon! Post a Comment if you have any questions.

1. Create an ACL (Access List) within named.conf

Get access to your CPanel servers console or SSH in with root permissions. Using your favourite editor, pico in my case, edit the following file

pico /etc/named.conf

Here is the section of named.conf we are going to add in our ACL. This is prior to any changes to show the default file.

controls {
inet 127.0.0.1 allow { localhost; } keys { “rndc-key”; };
};
WE WANT TO ADD HERE
options {

here is an example of the same section with a basic ACL added. Bolded for convenience.

controls {
inet 127.0.0.1 allow { localhost; } keys { “rndc-key”; };
};
acl trusted-servers {
192.168.100.0/24;   //Showing a entire range allowed
123.122.123.122;     //dns0.something.com
122.123.122.123;     //dns1.something.com
};
options {

Above you can see we have allowed the entire 192.168.100.0 address range (just an example of allowing a range of IPs) and we have added specific access from the two dns0 and dns1 servers. Everything behind the // is ignored and only used to comment the file so we can understand what we have done when we need to view this file some random time in the future! It saves the headache of trying to figure out what the hell we did last time

2. Apply our new ACL to the main options in named.conf
   Now all we need to do is add in the trusted-servers ACL we created!
   Find the below bit a little further down in named.conf

// Put files that named is allowed to write in the data/ directory:
directory                ”/var/named”; // the default
pid-file                 “/var/run/named/named.pid”;
dump-file                ”data/cache_dump.db”;
statistics-file          ”data/named_stats.txt”;
/* memstatistics-file     “data/named_mem_stats.txt”; */
allow-transfer {none;};
};

And below example is the same area changed to add in the ACL we created. I have bolded the bit I changed.

// Put files that named is allowed to write in the data/ directory:
directory “/var/named”; // the default
pid-file “/var/run/named/named.pid”;
dump-file “data/cache_dump.db”;
statistics-file “data/named_stats.txt”;
/* memstatistics-file “data/named_mem_stats.txt”; */
allow-transfer { trusted-servers; };
};

Save your changed file and restart BIND/NSD. You can do this from command or simply from within the WHM panel!

Now TEST! From an allowed source you can use nslookup from command, if its a windows box simply run nslookup then server then ls -d domainname.com domainname.com being a domain which is hosted on the CPanel server. You should recieve a copy of the entire zone on screen! Any questions, put them in the comments.

C:\>nslookup
>server my.cpanelhost.com
>ls -d domainname.com
Zone information will be displayed.