A few years back, I was still telling many people to use SPF to prevent outgoing email domain spoofing. Today it takes more than an SPF record: DKIM and DMARC have become a must to prevent email domain spoofing and improve your email delivery.

However, many domains still do not have these in their DNS records, or have only SPF. I personally think this is the moment to publish all three if you have not done so for your domain.

There are just too many spam, scam and phishing emails out there. Many email server administrators have tightened their email security. As filtering rules get tighter, missing records in your domain's DNS can cause delivery failures at servers that verify them, and can also leave you receiving more spam emails.

Thus, it is important to implement all three. With modern control panels like cPanel or Plesk, switching on SPF and DKIM is just a few clicks away. For DMARC, just Google it; it is not difficult to set one up either.

Using a Linux desktop computer

Not long ago, I bought this cheap Chinese laptop for US$299. It was so cheap, yet it has a backlit keyboard, 256 GB SSD storage, a brilliant 1920 x 1080 display, 2.4/5 GHz Wi-Fi, Bluetooth 5, and it runs Windows 10 Pro. It has an Intel Celeron N4100 CPU with 8 GB RAM. It is not fast, but at US$299 it is a steal.

I raised the TDP from 7 watts to 14 watts; it generates more heat but is still workable. My action is like overclocking the CPU, in the hope that it performs better. Unfortunately, for an i7 CPU user, the overclocked N4100 laptop performed much slower than expected on Windows 10. This was the first time I got an alert while installing Bitdefender anti-virus.

It asked me whether I'd like to proceed although my notebook did not meet the 1500 MHz CPU requirement. I did, and it became even slower than before. I realized my mistake: I had overestimated a budget-CPU laptop.

60% or more of my work was affected by the slowness of this budget laptop. For that money, you can probably do some word processing, internet surfing and a couple of YouTube videos; simply not amazing. I almost shelved it.

On second thought, I installed Ubuntu desktop Linux on this laptop. Guess what? It is alive, and most applications I use come with a Linux installer too. Now I have ESET anti-virus, WhatsApp, Thunderbird and the Chrome browser, and I am writing this article while listening to music on Spotify through a pair of Bluetooth earphones.

It is definitely not as responsive as my i7 CPU laptop, but neither is it slow. Next time you can install a Linux desktop on a slower computer too. I always had the impression that the Linux desktop was boring. It was in the past, but that is not the case anymore; I simply love it.

These are a few advantages of using a Linux desktop for me:

a. Better security, as there are far fewer viruses and malware. Even so, I install ESET real-time anti-virus protection.

b. Cheaper ownership. I have paid much less to get the same jobs done.

c. Useful out-of-the-box functions, like the terminal, the Linux CLI commands, snapshots, etc., have made my work more convenient.

Moving to a Linux desktop is easier now. The learning curve is not as steep as before, as there are more related articles on the internet and more users.

Using weak password

If you are reading this, it is not too late to update your weak password to a stronger one. What is a strong password? Why is there a need to use a strong password? At https://passwordsgenerator.net/, 16 characters and above is considered a strong password.

I personally reckon that a strong password must be 10 characters long and comprise upper-case letters, lower-case letters, numbers, and at least one symbol. If your current passwords do not meet this requirement, they are weak.

I have seen 123456, abc123, p@ssword and similar. These are extremely weak passwords; they should be prohibited and updated immediately.

On today's internet, access is easy and brute-force login attacks are common. Thus, you should refrain from using a weak password. A strong password is difficult to remember; the introduction of 2FA will help with this situation. But a strong password is the most effective defense against any unauthorized access.

Fail2Ban in your Plesk

Brute-force login attacks are common nowadays. If ports are open to the internet, they are prone to such attempts to gain access to the services. Using a strong password can reduce your risk, but you cannot stop this kind of attack.

You cannot stop it totally unless you can limit or restrict access to certain IP addresses. This is not likely possible with the email service. Fail2Ban can reduce and stop such attempts, but it can also block a genuine user from accessing the service in some situations. However, if you understand the module and fine-tune it, false positives can be reduced.

Today, we take a look at this module, which is neglected by many Plesk users. One of the reasons it is not adopted by many Plesk users is that it is not set up by default.

If you do not see this module in Plesk under ‘Tools & Settings’, you can install it from Updates and Upgrades, further down the same screen. You will see the module once it is successfully installed. You will likely have to log in again to see the newly installed module.

Once it has installed successfully, we need to configure and turn on the module. I recommend placing your current IP address in the trusted IP section. This avoids being blocked accidentally after you switch on the module.

Next, we tell the module which services we want Fail2Ban to protect. You might not need all of them, but enable the important ones like ssh, Plesk-proftpd, Plesk-panel, Plesk-postfix & Plesk-dovecot. These are the common services that we have observed receiving the most brute-force attacks. After you have decided which services, switch them on and make sure they are active.

The final step is the settings. Define how long you want to ban an IP address, and the number of failed logins allowed within a given interval. The default is 5 failed logins within 10 minutes, with a 10-minute ban if violated. I feel that the ban period can be longer; 3600 seconds is an hour. Lastly, we check the box to Enable intrusion detection and apply.

Congratulations, we have set up Fail2Ban on Plesk.
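
How the three settings and the trusted IP list interact can be modelled in a few lines. This is an added example, not Fail2Ban's or Plesk's own code; the log format, the function names and the documentation-range IP addresses are constructed for illustration, and the second address shows how a shared office IP gets a genuine user blocked.

```shell
#!/bin/sh
# Simplified model of the settings above; not Fail2Ban's own code.
# Input: one login attempt per line, "epoch_seconds ip OK|FAIL" (constructed format).
# Output: "<time> <ip> BAN" when an IP reaches maxretry failures inside findtime,
#         "<time> <ip> DROPPED" for any attempt made while its ban is in force.
simulate_bans() {   # usage: simulate_bans maxretry findtime bantime "trusted ips"
    awk -v maxretry="$1" -v findtime="$2" -v bantime="$3" -v trusted="$4" '
    BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) skip[t[i]] = 1 }
    {
        ts = $1; ip = $2
        if (ip in skip) next                          # trusted IP: never counted
        if ((ip in banned_until) && ts < banned_until[ip]) {
            print ts, ip, "DROPPED"; next             # right or wrong password, blocked
        }
        if ($3 != "FAIL") next                        # successful login
        m = 0                                         # forget failures older than findtime
        for (i = 1; i <= cnt[ip]; i++)
            if (ts - fail[ip, i] < findtime) fail[ip, ++m] = fail[ip, i]
        fail[ip, ++m] = ts; cnt[ip] = m
        if (m >= maxretry) {
            banned_until[ip] = ts + bantime; cnt[ip] = 0
            print ts, ip, "BAN"
        }
    }'
}

# Constructed sample: 198.51.100.7 is a brute-force source, 203.0.113.10 is an
# office router shared by many users, 192.0.2.5 is the admin's trusted IP.
sample_log() {
    for t in 1000 1010 1020 1030 1040 1050; do echo "$t 198.51.100.7 FAIL"; done
    for t in 2000 2005 2015 2020 2025; do echo "$t 203.0.113.10 FAIL"; done  # one user mistyping
    echo "2100 203.0.113.10 OK"                       # a coworker with the right password
    for t in 3000 3010 3020 3030 3040 3050; do echo "$t 192.0.2.5 FAIL"; done
}

# 5 failed logins within 600 s, banned for 3600 s, admin IP trusted.
sample_log | simulate_bans 5 600 3600 "192.0.2.5"
```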


An infected attachment

You may have received an email with an attachment, especially one with a *doc extension. This email may have been sent from someone who has corresponded with you before, with the same subject.

Their computers could have been infected by malware and be sending you a trojan/malware. This trojan steals contacts, credentials, banking information, etc.

We suggest you take the following preventive measures:

  1. Do not open any email attachment, especially one with a doc extension. Scan it with your up-to-date anti-virus to check whether it is safe to open.
  2. Do a full system scan on your computers and smart devices.

My personal opinion on CSF firewall

The CSF firewall is available for free, and most cPanel users might have a copy because it is free. Today, I’m sharing my experiences: not how to install CSF or what its settings are, but my opinions on how the firewall serves its purpose.

For the last decade, CSF has been part and parcel of life for cPanel users. However, I’m not actually fond of installing CSF. It is not that CSF has not served its purpose; it is all about individual perception and expectation. Why? Let me share:

a. I have seen CSF in test mode since day one. If you have installed CSF, you will know CSF is in TEST mode by default.

b. It blocks everyone in the office, so they cannot send and receive emails. If your coworkers share the internet through the same router, the shared public IP address will be blocked if someone enters the wrong password a few times.

c. No settings or non-optimised settings on CSF. Users leave the settings at their defaults, or make only minimal changes, because the settings are difficult to understand in layman's terms.

So, my experiences with CSF installed have never been good. 90% of the time, troubleshooting is required if someone has installed CSF. If you have a fully managed hosting service or you have planned to sacrifice your personal time (as it can be very time-consuming) to adjust and tweak it.

Many failed logins in your logs?

Recently, you may have noticed many failed login transactions in your logs. These failed logins use account names you have never even seen before.

As long as you are connected to the internet, you and your servers are bound to see these types of failed login transactions, known as brute-force attacks. This type of attack usually targets a default port, or a port used by your users on which you can apply no restriction or only minimal restriction.

Which ports do you see them on most often? Port 22 for remote SSH; ports 25, 110, 143 & 587 for email; ports 8880 & 8443 used by Plesk; ports 2082, 2083, 2086, 2087, 2092 & 2093 used by cPanel; port 21 for FTP; ports 80 & 443 for the web server. A port like 22, used by SSH, can be changed to another port number to avoid such attempts, and we encourage you to do that.

However, most ports you cannot change, as they are the known defaults through which such services are delivered. Hence, you see more failed login transactions from attackers attempting to steal your credentials to gain access to your account.

The key is using a strong password. If you have the cPanel or Plesk control panel, you can enforce a higher password strength for users. This is a must, and it is the primary security practice for end users. With a strong password, you make these malicious activities very difficult.

If you have fully managed hosting, you can request the hosting support team to implement a 3rd-party solution to bar these attacks. However, this often happens to users who have basic managed or self-managed packages, where hosting providers will not support 3rd-party solutions. You can either do it yourself with the resources available on the internet, or pay someone to get it done.

There are applications or functions from the control panel makers. For Plesk, you can install fail2ban; for cPanel it is cphulk. The problem is that fail2ban and cphulk are not bulletproof solutions; very often users start to have login problems with these 2 applications.

This scenario happens in 2 types of situations: you are a shared hosting user, or you are an office with many users sharing the network through the same router. Most users do not have a static IP internet connection, so it is not possible to grant access to that IP. Hence, if you have 50 coworkers in the office, you just need one user to key in a wrong password for his or her mailbox, or to access the server from a computer that has a backdoor. Since everyone has the same public IP address, as soon as the IP address is blocked, he or she becomes the culprit who has paralyzed the other 49 users' sending and receiving of emails.

Thus, we have to strike a balance between the two. There are pros and cons either way. Ultimately, a strong password is the solution to this. If you insist on having such protection, you must have static IP internet, which is more expensive.

Before I go: cphulk will not work in a VPS virtualized by Virtuozzo or OpenVZ. cPanel has decided not to support this type of virtualization because the iptables settings are inconsistent across different providers.


Change your SSH port

It is common to see brute-force attack entries against the default ports in your log files. Some of the common ones are ports 25, 110, etc.; it is not limited to port 22, the default port for SSH.

If you have a VPS or a dedicated server, you will have SSH with root access. For convenience, they are delivered with SSH on the default port 22. However, we encourage users to change their SSH port from the default 22 to another port that does not conflict with other services.

In today’s example, we use port 1222. Since we have decided to use port 1222, we have to make sure we can connect to it, so we must open port 1222 in the firewall in order to SSH in remotely.

For CentOS using firewalld, we do this:

  • sudo firewall-cmd --permanent --remove-service=ssh
  • sudo firewall-cmd --permanent --add-port=1222/tcp

For CentOS using iptables, do this:

  • iptables -A INPUT -p tcp -m tcp --dport 1222 -j ACCEPT
  • Remember to save

Now port 1222 is open. We can proceed to set up the SSH port. Edit the file using vi /etc/ssh/sshd_config

Go to the line #Port 22 and press ‘i’ to edit it, updating it to Port 1222 (without the leading #). To save, press ESC, make sure you no longer see the word ‘insert’ at the bottom left of the screen, then use the command :wq

Now, we reboot the server and all the services will be restarted with the new value. Congratulations! You have changed your SSH port to 1222. Should you face any difficulty with this, please contact our support team.
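
The same edit done without vi, as an added example that is not from the original post: the hypothetical helpers `set_ssh_port` and `effective_port` rewrite the `Port` line and report the result, run here against a constructed sample file rather than the live /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example, not from the original post. set_ssh_port and effective_port are
# hypothetical helper names; try them on a copy of sshd_config first.

# Print the port sshd would listen on: first uncommented Port line, else 22.
effective_port() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

set_ssh_port() {    # usage: set_ssh_port /path/to/sshd_config 1222
    conf=$1; port=$2
    case $port in ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    cp -p "$conf" "$conf.bak" || return 1      # copy to roll back to
    tmp=$(mktemp) || return 1
    if grep -Eiq '^[[:space:]]*#?[[:space:]]*port[[:space:]]+[0-9]+[[:space:]]*$' "$conf"; then
        # Rewrite the first "Port N" / "#Port N" line and drop later ones, so
        # the old port does not stay open next to the new one.
        awk -v p="$port" '
            tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
                if (!done) { print "Port " p; done = 1 }
                next
            }
            { print }' "$conf" > "$tmp"
    else
        # No Port line at all: add it at the top. Appended at the end it could
        # land inside a "Match" block, where Port is not allowed.
        { echo "Port $port"; cat "$conf"; } > "$tmp"
    fi
    cat "$tmp" > "$conf" && rm -f "$tmp"       # keeps the file's owner and mode
}

# Constructed sample standing in for /etc/ssh/sshd_config.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin yes' 'Match User backup' '    X11Forwarding no' > "$demo"
set_ssh_port "$demo" 1222 && echo "sshd would listen on port $(effective_port "$demo")"
rm -f "$demo" "$demo.bak"

# On the real server, check the edited file with "sshd -t" before restarting
# sshd, and keep the current session open until a login on the new port works.
```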


If you have received “I have bad news for you Email Scam”?

Extracted from https://www.pcrisk.com/; you can learn more at https://www.pcrisk.com/removal-guides/13972-i-have-bad-news-for-you-email-scam

The “I have bad news for you Email Scam” email is categorized as being part of a spam campaign used by cybercriminals (scammers) who attempt to threaten and trick people into paying money. Typically, scammers send an email stating that they have recorded a compromising video or image of the recipient and, if their demands are not met, they will proliferate the material to everyone on the user’s contacts list…….