PHP Selector How To: Force All Users To Use Default Version

When using CloudLinux with PHP Selector, you may need to force all existing users on a server to use the correct version of PHP. While Plesk makes this easy by setting a PHP version to an alt-php version, PHP Selector will still default to 5.4, meaning sites won’t load.

We’ll need to do two things. Firstly we’ll need to set a default version of PHP. SSH into your server, elevate to root, and run this to set PHP 7.4 as your default version within PHP Selector.

selectorctl --set-current=7.4

Now you need to reset all existing users’ PHP versions using:

cagefsctl --cl-selector-reset-versions

Note: If any users have customised extensions enabled/disabled, or have picked a version themselves, this will reset them to default.

How To: Basic Server Security (CentOS 7) – April 2019

Out of the box, servers are often insecure and come with outdated software. In this guide we will be going through the basics of what you need to do to secure a server. This guide applies to CentOS 7 and was last updated April 2019.

1. Updates! Updates! Updates!

The first thing you need to focus on is updates. Ensuring your server is up to date is key, and you need to make sure you do this regularly. Downtime in the name of security is justifiable, but with the correct configuration and redundancy you can avoid downtime too (but that’s for another blog post).

To update in CentOS, run:

sudo yum update && sudo yum upgrade

2. Firewall

2.1 – Install the firewall

My preference for a firewall for beginners is CSF + LFD (ConfigServer Firewall + Login Failure Daemon). To install CSF you’ll need to run the following commands:

sudo yum install wget nano perl-libwww-perl.noarch perl-Time-HiRes

Enter the /usr/src folder:

cd /usr/src/

Download the CSF tarball:


Extract and install:

tar -xzf csf.tgz
cd csf

Run the test to see if the server should be compatible:

cd /usr/local/csf/bin/

The result should be:

# perl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

2.2 – Configure the firewall

Now the firewall is installed, you need to configure it. This basic configuration will allow incoming traffic on a number of ports; you should edit the csf.conf file later to lock this down.

cd /etc/csf # Enter the CSF directory
cp csf.conf csf.conf.bak # Back up the existing csf.conf file
sed -i 's/TESTING = "1"/TESTING = "0"/g' csf.conf # Turns Testing mode off

Next, we’ll disable the existing firewall service and enable CSF.

systemctl stop firewalld # Stop firewalld 
systemctl disable firewalld # Disable firewalld from starting at boot
systemctl start csf # Start the new CSF firewall
systemctl enable csf # Enable CSF on boot
systemctl start lfd # Start LFD
systemctl enable lfd # Enable LFD on boot

You can whitelist your IP address to prevent you from getting locked out if you have too many incorrect password attempts, but only do this if you have a static IP. Do this by running:

csf -a <YOUR_IP> # Replace <YOUR_IP> with your IP Address (v4 or v6)

After making a change, restart CSF with:

csf -r

3. Secure SSH

Securing SSH is the next important aspect. I’m going to assume you are already connecting to your server using public key auth with your own user in the wheel group (AWS, DigitalOcean, Azure, Linode use this by default) – if you aren’t using public key auth, do so.

We’re going to disable root login and disable login by passwords. This will prevent hackers from brute-forcing their way in over SSH to the default root account. 

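cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup # Back up the existing sshd_config file
# sshd uses the first value it finds for each keyword, so add these at the top of the file
sed -i '1i PermitRootLogin no' /etc/ssh/sshd_config
sed -i '1i PasswordAuthentication no' /etc/ssh/sshd_config
sshd -t && systemctl restart sshd # Check the config, then restart sshd to apply it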
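sshd keeps the first value it finds for each keyword, so a directive placed below an existing uncommented one has no effect. The script below is an added example, not part of the original post: it resolves a keyword the way sshd does for the global section of a config file. It is a simplified model that ignores Include files and the keyword=value form, and the function names and sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report the value sshd would use for a keyword in a config file.
# Simplified model (assumption): global section only, whitespace-separated pairs.

# effective_value FILE KEYWORD -> prints the first uncommented value, or nothing
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        tolower($1) == "match" { exit }         # stop at the first Match block
        tolower($1) == want { print $2; exit }  # first occurrence wins
    ' "$1"
}

# check_hardened FILE -> returns 0 only if both settings resolve to "no"
check_hardened() {
    local rc=0 key val
    for key in PasswordAuthentication PermitRootLogin; do
        val=$(effective_value "$1" "$key")
        if [ "$val" != "no" ]; then
            echo "FAIL: $key resolves to '${val:-<default>}'"
            rc=1
        else
            echo "OK:   $key resolves to 'no'"
        fi
    done
    return "$rc"
}

# Constructed sample: an uncommented "yes" earlier in the file, "no" added last
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
PasswordAuthentication no
PermitRootLogin no
EOF

check_hardened "$sample" || echo "A later 'no' was shadowed by an earlier value"
rm -f "$sample"
```

On a live server, `sshd -T` (run as root) prints the effective configuration, which is the authoritative check after any change.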

In the future, we will release a blog post on achieving PCI Compliance to achieve baseline security; keep your eyes peeled or follow us on Twitter (@cyberhatch).


Cheat-sheet: Linux Commands in Windows

If you spend a lot of time in the command line you may find it a bit difficult to remember the different commands you need to use to achieve basic things depending on whether you’re using Unix/Linux or Windows that day. This guide contains a cheat-sheet with some of the most used Unix commands and their Windows counterparts. If you use PowerShell you’re in luck, because Microsoft has added a large number of the Unix commands as aliases for their Windows counterparts, but if you still use CMD/Command Prompt, this list is for you.



Unix command: clear
CMD command: cls
The clear command is used to clear the window you currently have open, useful if the clutter is distracting you. The Windows alternative is cls (clear screen).


Unix command: ls
CMD command: dir
The ls command is used to list the contents of the current directory; append the location of another directory to list the contents of that directory instead. The Windows alternative is dir (directory).


Unix command: cat
CMD command: type
cat is most frequently used to output the content of a file to the command line, or to add the content of a file into another file. The Windows alternative is type (fairly self-explanatory).


Unix command: sudo
CMD command: powershell Start-Process cmd.exe -Verb runAs
Windows doesn’t have an in-built answer to the sudo command (used to elevate your command line to run commands that are system sensitive), but powershell Start-Process cmd.exe -Verb runAs will open another CMD window for you running as the administrator user.


Unix command: rm
CMD command: del
Used to remove files and folders. The Windows alternative is del (delete).


Unix command: cp
CMD command: copy
Used to copy files and folders. The Windows alternative is copy (self-explanatory). xcopy also exists.


Unix command: nano, vi, ee
CMD command: notepad
CMD doesn’t have an in-built text editor*, but prefixing a file name with notepad will open it up in Notepad so you can edit it in the GUI. If you need to open a file as an Administrator (for example to edit the hosts file), see the next command.
* Some older versions of Windows come with edit from the DOS days, but Windows 7 64-bit and above does not.


Unix command: sudo nano
CMD command: powershell Start-Process "notepad.exe <filename>" -Verb runAs
This will open the file you want to edit in an elevated Notepad instance. For example, to edit the hosts file run: powershell Start-Process "notepad.exe C:\Windows\System32\drivers\etc\hosts" -Verb runAs and then you can make the changes needed and save the file in the GUI.


Unix command: ssh
CMD command: ssh
Windows 10 supports SSH! (Version 1809 does, anyway – older versions probably do too).


Unix command: shutdown (and shutdown -r or reboot) 
CMD command: shutdown
Windows supports the shutdown command but the flags are slightly different. Replace the hyphen with a forward slash (e.g. rebooting on Windows requires shutdown /r instead of shutdown -r). Execute shutdown and CMD will display a list of arguments.

How To Fix: Could not get metalink for EPEL

Quick Fix

Error message:

Could not get metalink error was 14: HTTPS Error 503 - Service Unavailable


sudo rpm --query --file  /etc/pki/tls/certs/

Output (will change as time goes on):


Copy and paste output, and then run:

sudo yum reinstall ca-certificates-2018.2.22-70.0.el7_5.noarch

Then try yum update again.






Linux How To – Install BSD’s EasyEditor on CentOS 7

Easy Editor (ee) is one of my favourite built-in utilities from FreeBSD. It’s my preferred text editor (vs vi, vim, nano, pico etc). Thankfully it is easy enough to install it on CentOS 6 and 7 (tested on 2018.03.18).

1 – Prerequisites

Firstly, you’ll need to install some prerequisites:

yum install libX11 libXdmcp

This command should install a total of 4 things.

2 – Fetch the .rpm installer


3 – Install it

rpm -Uhv easyedit-1.5.0-2.el6.rf.x86_64.rpm

If there are any missing dependencies, try running “yum install …” (replace “…” with the names of the missing dependencies).