ZPanel remote execution vulnerability bot24.blogspot.com/2013/06/zpanel…
patrick — Wed, 07/13/2011 – 20:33
It contains step-by-step instructions for installing Ubuntu with the LAMP options plus Webmin and Virtualmin.
Patrick’s introductory paragraph explains, “Over the past few years I have experimented with different web server setups. I have found that the combination Ubuntu, LAMP (Linux, Apache, Mysql, and PHP), Webmin, and finally Virtualmin provide many advantages in my day to day workflow as a web developer. This setup provides me with an easy to use and easy to maintain web server that lessens the time spent configuring the server and increases my time programming. Here are my step by step instructions for setting up my favorite server configuration.”
My commentary: I found Patrick’s well written and well organized article because I was searching for a graphical interface for managing the configuration of Apache, PHP, MySQL, DNS services, and IMAP/SMTP email, on my Ubuntu server 12.04.02 O/S. On my Ubuntu server, I have installed the open source ZPanel from the ZPanel script, which installation seems good so far for setting up domain users, hosting their domains, ftp, databases, and webmail. However, it lacks the ability to access and manage the configuration files without me having to manually search for their paths on the server’s file system. In this regard, the ZPanel documentation and forum support seem a bit scant. And, I do not know whether ZPanel automatically installs various services to different directories than the default directories that would have been established if I had installed LAMP as selected options during the Ubuntu server installation. Due to this concern of mine, I remain reluctant to install Webmin and Virtualmin unless they actually search the file system or otherwise locate and identify the exact location of the relevant configuration files to be managed.
This is one way to install Apache2 webserver, MySql database server, and PHP5 web server support, plus PhpMyAdmin, onto Linux Ubuntu server or Ubuntu desktop v. 12.04.02 distribution.
Credit to Kevin Whitman for his excellent YouTube tutorial: http://www.youtube.com/watch?v=MrGD2X-sDQY
And credit to Kevin Whitman’s blog articles. See Part 2: http://kevinwhitman.com/2011/06/27/set-up-a-sandbox-to-test-php-apps-part-2-install-web-server-php-mysql-and-phpmyadmin/
Note: For remote SSH access from Windows to your Ubuntu server, you should download and run PuTTY or a similar SSH client to establish a terminal session to the Ubuntu server's IP address. You can find and download the open source PuTTY from sourceforge.net here: http://sourceforge.net/projects/putty.mirror/ . This article assumes that Ubuntu server or Desktop version 12.04.02 (32 bit or 64 bit) is already installed as your server.
Installing Apache Webserver on Ubuntu:
root ~> apt-get install apache2 (Enter)
(answer Y(es) to download the installation package and install it.)
Installing MySQL on Ubuntu:
root ~> apt-get install mysql-server
(you should setup a MySQL ‘root’ password when prompted. Write it down so you won’t forget the password for ‘root.’)
Install PHP on Ubuntu:
root ~> apt-get install php5 php5-gd php-pear php5-mysql php5-curl php5-memcache
(answer Y(es) to download the installation packages and install them.)
Restart the Apache web server after installing PHP:
root ~> /etc/init.d/apache2 restart (Enter)
Test Your PHP and Apache installation:
Create a PHP information file called “testinfo.php” in the default /var/www/ directory to test PHP and Apache. The testinfo.php file should have only the following one line of content:
<?php phpinfo() ?>
Create this testinfo.php file using a text editor. Access it from http://the_server_IP_address/testinfo.php
Install phpMyAdmin on Ubuntu:
root ~> apt-get install phpmyadmin
(configure the database root password.)
Copy the phpmyconf file (configuration file) over by symlinking it into Apache's conf.d directory:
root ~> ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf
Then restart the Apache web server.
So, now phpMyAdmin will come up in the browser at http://Server_IP_address/phpmyadmin
Log in to phpMyAdmin with the username: root
and the password you established
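Added example, not part of the original post: a small post-install audit for the steps above. The testinfo.php file publishes the full PHP and server configuration to anyone who can reach the URL, so it should be removed once the test has succeeded; the script finds any such leftover file and also confirms that phpmyadmin.conf really is a symlink to the packaged configuration. The function names and the sample directory tree are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post); names and sample tree are assumptions.

# List PHP files under a web root that call phpinfo(), such as testinfo.php.
find_phpinfo_files() {
    [ -d "$1" ] || return 0
    find "$1" -type f -name '*.php' \
        -exec grep -lEi 'phpinfo[[:space:]]*\(' {} + 2>/dev/null | sort
}

# Succeed only if $1 is a symlink that resolves to the same file as $2.
check_conf_link() {
    [ -L "$1" ] || return 1
    [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ]
}

# Print one finding per line; return 1 if anything needs attention.
# Usage: audit_lamp WEBROOT CONF_LINK EXPECTED_TARGET
audit_lamp() {
    rc=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        echo "REMOVE: $f exposes phpinfo() output over HTTP"
        rc=1
    done <<EOF
$(find_phpinfo_files "$1")
EOF
    if ! check_conf_link "$2" "$3"; then
        echo "CHECK: $2 is not a symlink to $3"
        rc=1
    fi
    return "$rc"
}

# Build a constructed sample tree standing in for /var/www and /etc.
make_sample() {
    d="$(mktemp -d)"
    mkdir -p "$d/www" "$d/etc/phpmyadmin" "$d/etc/apache2/conf.d"
    printf '<?php phpinfo() ?>\n' > "$d/www/testinfo.php"
    printf '<?php echo "hello"; ?>\n' > "$d/www/index.php"
    printf '# constructed sample\n' > "$d/etc/phpmyadmin/apache.conf"
    ln -s "$d/etc/phpmyadmin/apache.conf" "$d/etc/apache2/conf.d/phpmyadmin.conf"
    echo "$d"
}

# Demo on the constructed tree; on a real server pass the paths from the steps above.
s="$(make_sample)"
audit_lamp "$s/www" "$s/etc/apache2/conf.d/phpmyadmin.conf" "$s/etc/phpmyadmin/apache.conf" || true
rm -rf "$s"
```

On the server built above, the equivalent call is audit_lamp /var/www /etc/apache2/conf.d/phpmyadmin.conf /etc/phpmyadmin/apache.conf, run as root.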
On reading his new book to children in kindergartens and first grades, Jeff says, “It’s terrifying!” * * * “Little kids like that, they’re like taking your parents out in public. They don’t — there’s no filter. They just say whatever they’re thinking. And, you know, they don’t care.”
The brand new Western Digital 1TB drive that I bought had developed a harmonic squeal which began about 2 days after I started installing software on it. It sounded like a high-pitched tuning fork. Before returning this WD drive to the store for a refund, I would want to clone it sector-by-sector to a new Seagate 1TB drive. I had installed Linux Ubuntu 12.04.02 64-bit O/S on the WD drive and had also installed Zpanel web hosting control panel, with Apache web server, MySQL database server, Roundcube Webmail and Postfix / Dovecot email SMTP, POP3 and IMAP mail protocols. I needed to clone the WD onto the new Seagate replacement drive because I didn’t want to make a fresh install of everything (Ubuntu and the Zpanel package) going onto the new Seagate. So, I looked for a good cloning solution.
EaseUS To Do 3.0 booted nicely from CD, but it reported that it could not clone the entire disk-at-once (going disk-to-disk all in one step) because EaseUS reported that the source drive (WD) was larger than the destination drive (Seagate). The source disk had more than one partition. Instead of trying to clone each disk partition separately from source to target, I decided to look for a better cloning solution than EaseUS.
I downloaded the 64-bit ubuntu-based version of Gparted Live, which I read that I could use to resize the source partitions on the WD drive, and hopefully to make them a little smaller (combined) so that a cloning program might allow me to do disk-to-disk at-once, or at least clone the separate partitions one at a time without exceeding the target Seagate total disk size.
The operating partition on the WD drive was quite empty. Probably only 10 percent of the partition actually contained files. I thought that I could use the Gparted Live CD to shrink the operating partition on the WD, and then try to use Clonezilla cloning software to clone the WD partitions (one at a time) over to the new empty Seagate Drive. Little did I know that the Gparted might not be necessary for my particular job.
When I finished burning the Clonezilla Live AMD-64 (64-bit) ISO onto a blank CD (creating a boot utility CD), I decided to try again cloning disk-to-disk at-once without first using Gparted to shrink the OS partition on the WD source drive. CLONEZILLA WORKED!!! It actually reported that the WD source drive was exactly 1.0 Terabyte in total size and that the Seagate drive was 1.2 Terabytes in total size!!! The source drive was actually larger than the destination drive!!! This meant that there was absolutely no reason to resize and shrink any partitions on the WD source drive. EaseUS was wrong. Maybe the free version of EaseUS that I was using had a 1 TB limit and the new Seagate exceeded that self imposed limit! Who knows? Not sure. But, I love Clonezilla. It actually rebuilt the Grub2 boot loader and re-sized (expanded) the operating partition on the target drive to utilize the extra 0.2 terabytes of space located on the destination Seagate drive.
After cloning, I booted to the Seagate OS and everything works just fine — so far.
I found this vid on YouTube and his HD sounds exactly like my brand new drive. Now I need to exchange it for a Seagate and reinstall my Linux O/S and configure Zpanel again. Glad I didn’t send in the $10 rebate form.