
64 commits

Author SHA1 Message Date
Peca
d20bc94866 v-fix-website-permissions: chown for .php and .env files 2025-07-01 10:03:32 +02:00
Peca
b8b75f0dde v-change-wordpress-admin-passwords 2025-06-30 00:11:44 +02:00
Peca
2fd60fc29d VERBOSE_MODE in v-run-wp-cli 2025-06-30 00:11:44 +02:00
Peca
1567383b49 v-run-wp-cli: Parameter 'PHP' to force specified PHP version 2025-06-28 16:49:18 +02:00
Peca
6cce5ecadd chmod .env files to 600 2025-06-26 22:26:14 +02:00
Peca
e8b5b5a836 v-update-document-errors-files 2025-06-26 18:05:11 +02:00
Peca
451c9944b9 v-fix-wordpress-core: move .user.ini 2025-06-25 17:32:23 +02:00
Peca
f77f8e8b78 $SKIP_OWNERSHIP_CHECK in v-fix-website-permissions, v-fix-wordpress-core 2025-06-24 17:30:20 +02:00
Peca
09465e5fba v-change-database-password-for-all-wordpress: first optional argument to specify a $user 2025-06-23 21:53:55 +02:00
Peca
5ee72684ab v-change-wordpress-admin-passwords: default = y 2025-06-23 15:55:28 +02:00
Peca
d37473b5e8 Using v-wp-cli in v-change-wordpress-admin-passwords 2025-06-22 23:56:46 +02:00
Peca
fd6eb44bae .gitignore: exclude data, conf, log 2025-06-22 22:45:19 +02:00
Peca
97e5fc0677 v-change-database-password-for-all-wordpress: Using existing password for $db_user 2025-06-21 17:56:57 +02:00
Peca
294c8ba516 Setting chmod 600 for all php files 2025-06-21 15:57:21 +02:00
Peca
761da8150b Visual improvements for v-change-wp-admins-pass 2025-06-20 17:54:04 +02:00
Peca
2e2b4b2f58 v-backup-user-now skip LA limit 2025-06-19 15:57:50 +02:00
Peca
e46c7e4e60 v-get-wp-cli and terminal $COLUMNS fix 2025-06-17 22:22:16 +02:00
Peca
b13b25602c Use wp-cli from git repo if available 2025-06-17 19:29:58 +02:00
Peca
c8f9601a35 v-fix-wp-core: BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/ 2025-06-17 15:56:56 +02:00
Peca
d1c48504ad v-run-wp-cli 2025-06-17 14:02:31 +02:00
Peca
596bce582f Jailing v-run-wp-cli 2025-06-17 11:43:48 +02:00
isscbta
31413a8f73
Update v-change-wp-admins-pass 2025-06-17 01:56:02 +02:00
isscbta
6ac6ea40d3
Update v-change-wp-admins-pass 2025-06-17 01:20:05 +02:00
isscbta
12dc1a5718
Update v-change-wp-admins-pass 2025-06-17 00:49:27 +02:00
isscbta
8a4b66a135
Update v-fix-wp-core 2025-06-17 00:42:19 +02:00
isscbta
a8e39817fc
Create v-desinfect-wp 2025-06-17 00:40:47 +02:00
isscbta
aa2f5e4fbb
Update v-fix-wp-core 2025-06-17 00:40:10 +02:00
isscbta
e8cbaa742f
Create v-change-wp-admins-pass 2025-06-17 00:23:04 +02:00
isscbta
59053e2ffd
Update v-fix-wp-core 2025-06-17 00:07:17 +02:00
isscbta
4f871db1fc Update v-fix-wp-core 2025-06-16 17:59:52 +02:00
isscbta
819450ca5c Create v-fix-wp-core 2025-06-16 17:59:52 +02:00
Peca
2fe4ce2ae4 v-change-db-password-to-wordpress 2025-06-16 17:59:11 +02:00
Peca
c5d0619a6b Check for SSL certificate existence before deleting web domain SSL in v-install-unsigned-ssl 2025-06-08 14:46:58 +02:00
Peca
413787070a Skip prompt to continue in vst-install-debian.sh if all required variables are set 2025-06-08 12:57:33 +02:00
Peca
6d752d93f5 Adding v-cd-www alias to root bash profile 2025-06-08 07:53:20 +02:00
Peca
85f39364a4 v-commander: stop setting a root password 2025-06-07 20:47:57 +02:00
Peca
0fd5be1d28 Activating FileManager licence for all users 2025-06-07 20:36:05 +02:00
Peca
89b7538fad Enhance package validation 2025-06-07 17:08:08 +02:00
Peca
8d9a3e1ca0 v-change-user-package switched to parse_object_kv_list_non_eval 2025-06-07 16:23:42 +02:00
Peca
4932dd3bb4 Fix dkim record deletion command in v-delete-mail-domain-dkim script 2025-06-07 14:53:49 +02:00
Peca
213ccd47df v-install-wordpress: Almost always use https 2025-06-04 11:25:33 +02:00
Peca
a3895aea0d v-clear-fail2ban 2025-06-02 15:16:33 +02:00
Peca
72252c561e Small bug fix in main.php 2025-06-01 20:25:23 +02:00
Peca
435a362765 Converting CRLF to LF in a few files 2025-06-01 14:44:18 +02:00
Peca
5ca293c9b2 Session DISABLE_IP_CHECK 2025-05-31 22:01:57 +02:00
Peca
92029a9733 v-import-cpanel-backup: /*!999999\- enable the sandbox mode */ fix 2025-05-30 22:08:44 +02:00
Peca
de5365280f Adding myVesta rules to SpamAssassin 2025-05-29 21:02:54 +02:00
myvesta
fa8dd64c5a Adding ProFTPD jail rule to Fail2Ban 2025-05-27 00:27:07 +02:00
ikheetjeff
ff7bc2baa5 Update edit_server.html 2025-05-26 09:39:29 +02:00
ikheetjeff
4c495a1d69 Update index.php 2025-05-26 09:39:29 +02:00
Peca
cb6e8e4926 nginx block-firewall.conf when user block 80,443 in Firewall 2025-05-26 09:39:29 +02:00
isscbta
451b025f1f Create v-delete-mails 2025-05-26 09:39:29 +02:00
myvesta
d3fb4e13d5 v-move-domain-and-database-to-account: Update wordfence-waf.php
Update v-move-domain-and-database-to-account

Update v-delete-web-domain: deleting /hdd/home/$user/web/$domain

Update v-delete-user: deleting /hdd/home/$user

Update v-delete-mail-domain: removing /hdd/home/$user/mail/$domain_idn

Update v-change-domain-owner: moving /hdd/home/$owner/web/$domain

Update v-change-domain-owner: moving /hdd/home/$owner/mail/$domain

Update v-move-folder-and-make-symlink: debug and additional checking
2025-05-26 09:39:29 +02:00
myvesta
83d12510e3 Update v-add-letsencrypt-domain: Detecting valid status on wildcard variant 2025-05-26 09:39:29 +02:00
myvesta
6dccbb8276 Update vst-install-debian.sh: mysql-apt-config_0.8.34-1_all.deb 2025-05-26 09:39:29 +02:00
myvesta
7388432261 parse_object_kv_list_non_eval() 2025-05-26 09:39:28 +02:00
myvesta
0d86e2ca40 Calculate size of directories on /hdd too 2025-05-26 09:39:28 +02:00
myvesta
8bdfade3d4 Update vst-install-debian.sh 2025-05-26 09:39:28 +02:00
myvesta
a86f76de09 Update db.sh - mysqldump --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB 2025-05-26 09:39:28 +02:00
myvesta
57f179ad05 When deleting a domain, also delete the database if the domain has a database. 2025-05-26 09:39:14 +02:00
myvesta
01e4890a97
Update multi-php-install.sh: Fixing disable_functions line 2025-03-31 16:41:43 +02:00
myvesta
4437f6f0da
Update v-move-folder-and-make-symlink 2025-03-19 16:25:04 +01:00
myvesta
24908aede1
Update v-move-folder-and-make-symlink 2025-03-19 16:22:54 +01:00
myvesta
dc1979461e
Update v-make-main-apache-log 2025-03-11 00:18:05 +01:00
58 changed files with 1881 additions and 561 deletions

3
.gitignore vendored

@ -4,3 +4,6 @@
*.gz *.gz
.vscode .vscode
.DS_Store .DS_Store
data
conf
log


@ -83,6 +83,16 @@ sort_fw_rules
# Updating system firewall # Updating system firewall
$BIN/v-update-firewall $BIN/v-update-firewall
if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then
touch /etc/nginx/conf.d/block-firewall.conf
if ! grep -q "deny $ip;" /etc/nginx/conf.d/block-firewall.conf; then
echo "deny $ip;" >> /etc/nginx/conf.d/block-firewall.conf
systemctl restart nginx
fi
fi
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #
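Review bot: The new block restarts nginx right after appending `deny $ip;` without testing the configuration, so a value the firewall accepts but nginx rejects would take the web server down for every site. Using `nginx -t && systemctl reload nginx` keeps the running configuration live when the new line is invalid; the same bare restart appears in the change-rule and delete-rule hunks further down this page. The duplicate check also treats `$ip` as a regular expression, whereas `grep -qxF "deny $ip;"` matches the exact line only. Whether `$ip` can hold a form that nginx's `deny` does not accept depends on validation outside this hunk.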


@ -308,6 +308,11 @@ for auth in $authz; do
if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then
break break
fi fi
if [ "$wildcard" = 'yes' ]; then
if [[ $(echo "$answer" | grep '"status": "valid"') != "" ]]; then
break
fi
fi
i=$((i + 1)) i=$((i + 1))
if ((i > 30)); then if ((i > 30)); then
break break


@ -28,7 +28,7 @@ is_package_new() {
} }
is_package_consistent() { is_package_consistent() {
source $pkg_dir/$package.pkg parse_object_kv_list_non_eval $(cat $pkg_dir/$package.pkg)
if [ "$WEB_DOMAINS" != 'unlimited' ]; then if [ "$WEB_DOMAINS" != 'unlimited' ]; then
is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS' is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS'
fi fi
@ -63,6 +63,9 @@ is_package_consistent() {
is_int_format_valid $BACKUPS 'BACKUPS' is_int_format_valid $BACKUPS 'BACKUPS'
fi fi
is_format_valid_shell $SHELL is_format_valid_shell $SHELL
is_web_template_valid $WEB_TEMPLATE
is_dns_template_valid $DNS_TEMPLATE
is_proxy_template_valid $PROXY_TEMPLATE
} }
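Review bot: The replacement for `source` passes `$(cat $pkg_dir/$package.pkg)` unquoted, so the file content is word-split and glob-expanded before `parse_object_kv_list_non_eval` receives it, and a value holding a space or `*` would arrive altered. The firewall hunks on this page call the same parser with a single quoted argument (`"$oldvalues"`), so the two call styles should be reconciled against the parser's definition, which is not visible here. The same unquoted form is used in `is_package_avalable` and `change_user_package` in the user-package section below. The three added template checks would also be more predictable as `is_web_template_valid "$WEB_TEMPLATE"` (and likewise for DNS and proxy), so that an empty value is still passed as an argument.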


@ -22,6 +22,9 @@ source $VESTA/func/domain.sh
source $VESTA/func/db.sh source $VESTA/func/db.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
if [ ! -z "$NOW" ]; then
BACKUP_LA_LIMIT=50
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Verifications # # Verifications #


@ -1,5 +1,6 @@
#!/bin/bash #!/bin/bash
export ALLOW_BACKUP_ANYTIME='yes' export ALLOW_BACKUP_ANYTIME='yes'
export NOW='yes'
nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1 nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1


@ -0,0 +1,63 @@
#!/bin/bash
# info: change db password to all wordpress databases
# options:
#
# The command is used for changing db password to all wordpress databases on the server.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Importing system variables
source /etc/profile
# Includes
source $VESTA/func/main.sh
only_user='';
if [ ! -z "$1" ]; then
only_user=$1
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
touch /root/remember-db-user-pass.txt
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
continue;
fi
if [ ! -z "$only_user" ]; then
if [ "$only_user" != "$user" ]; then
continue;
fi
fi
for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
/usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user
echo "--------------------------------"
fi
done
if [ ! -z "$only_user" ]; then
break;
fi
done
# cat /root/remember-db-user-pass.txt
rm /root/remember-db-user-pass.txt
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit
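Review bot: `/root/remember-db-user-pass.txt` holds plaintext database passwords, yet it is created with the default umask and removed only on the normal exit path, so an interrupted run leaves the credentials on disk. Creating it with `(umask 077; touch /root/remember-db-user-pass.txt)` and registering `trap 'rm -f /root/remember-db-user-pass.txt' EXIT` directly afterwards covers both cases. The fixed name also means two concurrent runs share one file and the first to finish deletes it for the other; a `mktemp` path handed to the per-domain script would avoid that, at the cost of changing the lookup in that script as well.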


@ -0,0 +1,123 @@
#!/bin/bash
# info: change database password for wordpress
# options:
#
# The command is used for changing database password for wordpress.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Importing system environment
source /etc/profile
# Argument definition
domain=$1
# Check if number of arguments is 2
if [ $# -eq 2 ]; then
user=$2
else
user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
fi
USER=$user
if [ -z "$user" ]; then
echo "ERROR: Domain $domain not found"
exit 1;
fi
if [ ! -d "/home/$user" ]; then
echo "ERROR: User $user doesn't exist";
exit 1;
fi
# Includes
source /usr/local/vesta/func/main.sh
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
check_args '1' "$#" 'DOMAIN'
is_format_valid 'domain'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
if [ ! -d "/home/$user/web/$domain/public_html" ]; then
echo "ERROR: Domain doesn't exist";
exit 1;
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
echo "=== Domain: $domain"
wp_config_path="/home/$user/web/$domain/public_html/wp-config.php"
if grep -q $'\r' $wp_config_path; then
echo "=== removing CRLF from wp-config.php"
tr -d '\r' < $wp_config_path > /tmp/wp-config.php && mv /tmp/wp-config.php $wp_config_path
chown $user:$user $wp_config_path
fi
db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+")
db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+")
new_password=''
found_existing_password=0
if [ -f "/root/remember-db-user-pass.txt" ]; then
db_user_pass=$(grep "$db_user:" /root/remember-db-user-pass.txt)
if [ -n "$db_user_pass" ]; then
new_password=$(echo "$db_user_pass" | cut -d':' -f2)
echo "= Using existing password for $db_user"
found_existing_password=1
fi
fi
if [ -z "$new_password" ]; then
new_password=$(generate_password)
fi
echo "DB name: $db_name"
echo "DB user: $db_user"
echo "New DB password: $new_password"
if [ $found_existing_password -eq 0 ] && [ -f "/root/remember-db-user-pass.txt" ]; then
echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt
fi
/usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password"
if [ $? -ne 0 ]; then
echo "*************** ERROR: Failed to change database password ***************"
exit 1;
fi
line="define('DB_PASSWORD', '$new_password');"
chattr -i $wp_config_path
sed -i "s/.*define(.*DB_PASSWORD'.*/$line/" $wp_config_path
new_password_line=$(grep "DB_PASSWORD" $wp_config_path)
echo "New DB password line: $new_password_line"
if [ "$new_password_line" != "$line" ]; then
echo "*************** ERROR: line in wp-config.php is not what we expected ***************"
echo "Expected: $line"
echo "Actual : $new_password_line"
echo "*************** ERROR: Please check wp-config.php manually ***************"
exit 1;
fi
else
echo "ERROR: WP-config.php not found"
exit 1;
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit
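Review bot: The CRLF clean-up writes wp-config.php, database credentials included, to the fixed path `/tmp/wp-config.php` as root with the default umask; a predictable name in a world-writable directory is exposed to symlink and read races, and the `mv` back also discards the file's original mode. Editing in place with `sed -i 's/\r$//' "$wp_config_path"` removes the temporary file altogether. The remembered-password lookup `grep "$db_user:"` is an unanchored regex, so an empty `$db_user` (for instance when the define uses double quotes and `grep -oP` finds nothing) matches other users' lines; `awk -F: -v u="$db_user" '$1==u{print $2; exit}'` compares the whole field instead. `chattr -i` is never undone, so a config that was deliberately made immutable stays writable after the run.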


@ -82,6 +82,10 @@ if [ ! -z "$web_data" ]; then
# Move data # Move data
mv $HOMEDIR/$owner/web/$domain $HOMEDIR/$user/web/ mv $HOMEDIR/$owner/web/$domain $HOMEDIR/$user/web/
if [ -d "/hdd/home/$owner/web/$domain" ]; then
$BIN/v-move-folder-and-make-symlink /hdd/home/$owner/web/$domain /hdd/home/$user/web/$domain
fi
# Change ownership # Change ownership
find $HOMEDIR/$user/web/$domain -user $owner \ find $HOMEDIR/$user/web/$domain -user $owner \
-exec chown -h $user:$user {} \; -exec chown -h $user:$user {} \;
@ -152,6 +156,10 @@ if [ ! -z "$mail_data" ]; then
# Move data # Move data
mv $HOMEDIR/$owner/mail/$domain $HOMEDIR/$user/mail/ mv $HOMEDIR/$owner/mail/$domain $HOMEDIR/$user/mail/
if [ -d "/hdd/home/$owner/mail/$domain" ]; then
$BIN/v-move-folder-and-make-symlink /hdd/home/$owner/mail/$domain /hdd/home/$user/mail/$domain
fi
# Change ownership # Change ownership
find $HOMEDIR/$user/mail/$domain -user $owner \ find $HOMEDIR/$user/mail/$domain -user $owner \
-exec chown -h $user {} \; -exec chown -h $user {} \;


@ -62,6 +62,8 @@ str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'"
str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'" str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'"
str="$str TIME='$time' DATE='$date'" str="$str TIME='$time' DATE='$date'"
oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
# Deleting old rule # Deleting old rule
sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf
@ -74,6 +76,14 @@ sort_fw_rules
# Updating system firewall # Updating system firewall
$BIN/v-update-firewall $BIN/v-update-firewall
if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then
NEWIP=$ip
parse_object_kv_list_non_eval "$oldvalues"
sed -i "s|$IP|$NEWIP|g" /etc/nginx/conf.d/block-firewall.conf
systemctl restart nginx
fi
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #
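Review bot: The nginx sync only rewrites an existing line, and only when the edited rule ends up as an 80,443 DROP, so a rule changed into that state never gains a `deny` line and a rule changed out of it keeps its stale one. `sed -i "s|$IP|$NEWIP|g"` also uses the old address as an unanchored regular expression, which can rewrite other entries that merely contain it, and it fails when `$oldvalues` is empty and `$IP` expands to nothing. Removing the old rule's exact line and then adding the new one, as sketched below, handles every transition; it assumes the parser sets PORT, ACTION and IP the way the delete-rule hunk on this page relies on. The enclosing script starts and ends outside the hunk.

```shell
if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
    block_conf=/etc/nginx/conf.d/block-firewall.conf
    new_ip=$ip
    parse_object_kv_list_non_eval "$oldvalues"
    touch "$block_conf"
    # Old rule was mirrored into nginx: drop exactly its own line
    if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ] && [ -n "$IP" ]; then
        awk -v line="deny $IP;" '$0 != line' "$block_conf" > "$block_conf.tmp" \
            && mv "$block_conf.tmp" "$block_conf"
    fi
    # New rule must be mirrored: add its line once
    if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then
        grep -qxF "deny $new_ip;" "$block_conf" || echo "deny $new_ip;" >> "$block_conf"
    fi
    # Keep the running config if the new file does not validate
    nginx -t && systemctl reload nginx
fi
```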


@ -16,6 +16,7 @@ force=$3
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
is_package_avalable() { is_package_avalable() {
@ -23,7 +24,7 @@ is_package_avalable() {
usr_data=$(cat $USER_DATA/user.conf) usr_data=$(cat $USER_DATA/user.conf)
IFS=$'\n' IFS=$'\n'
for key in $usr_data; do for key in $usr_data; do
eval ${key%%=*}=${key#*=} parse_object_kv_list_non_eval $key
done done
WEB_DOMAINS='0' WEB_DOMAINS='0'
@ -35,7 +36,7 @@ is_package_avalable() {
pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\ pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
grep -v DATE) grep -v DATE)
eval $pkg_data parse_object_kv_list_non_eval $pkg_data
# Checking usage agains package limits # Checking usage agains package limits
if [ "$WEB_DOMAINS" != 'unlimited' ]; then if [ "$WEB_DOMAINS" != 'unlimited' ]; then
@ -73,11 +74,15 @@ is_package_avalable() {
check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage" check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
fi fi
fi fi
is_web_template_valid $WEB_TEMPLATE
is_dns_template_valid $DNS_TEMPLATE
is_proxy_template_valid $PROXY_TEMPLATE
} }
change_user_package() { change_user_package() {
eval $(cat $USER_DATA/user.conf) parse_object_kv_list_non_eval $(cat $USER_DATA/user.conf)
eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") parse_object_kv_list_non_eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
echo "FNAME='$FNAME' echo "FNAME='$FNAME'
LNAME='$LNAME' LNAME='$LNAME'
PACKAGE='$package' PACKAGE='$package'


@ -0,0 +1,160 @@
#!/bin/bash
# info: interactively delete or change WordPress admin passwords for a given domain
# options: DOMAIN
#
# d → delete user (with content reassignment)
# c → change password (random 10-char alnum)
# s → skip
# x → exit
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
source /etc/profile
DOMAIN="$1"
[ -z "$DOMAIN" ] && { echo "Usage: v-change-wp-admins-pass DOMAIN"; exit 1; }
USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
WP_PATH="/home/$USER/web/$DOMAIN/public_html"
[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
# WP-CLI wrapper
WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes)
return_code=$?
if [ $return_code -ne 0 ]; then
echo "WP-CLI error:"
cat /home/$USER/web/$DOMAIN/wp-cli-error.log
exit $return_code
fi
# random 10-char password
gen_pass() { tr -dc 'A-Za-z0-9' </dev/urandom | head -c 10; }
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
cd "$WP_PATH" || exit 1
echo
echo "WordPress administrators for $DOMAIN:"
echo "-------------------------------------"
if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then
rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
fi
ADMIN_LIST_CSV=$("${WP_RUN[@]}" user list --role=administrator \
--fields=ID,user_login,user_email \
--format=csv --skip-plugins --skip-themes 2>/dev/null | tail -n +2)
[ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; }
printf "%-6s %-20s %s\n" "ID" "Username" "Email"
echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do
printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL"
done
echo
echo "For each admin choose: (d) delete, (c) change password, (s) skip, (x) exit."
# interactive loop
while IFS=',' read -r ID LOGIN EMAIL; do
[ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN"
while true; do
echo "-------------------------------------"
read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty
case "$ACT" in
[Dd]* )
# read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty
CONF="y"
if [[ ! "$CONF" =~ ^[Nn]$ ]]; then
# build an array of OTHER admin usernames
mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}')
if [ "${#OTHER_USERS[@]}" -eq 0 ]; then
echo "Cannot delete the only administrator account."
break
fi
DEFAULT_USER="${OTHER_USERS[0]}"
echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}"
while true; do
read -r -p "Reassign content to which username? [default: $DEFAULT_USER] " REASSIGN < /dev/tty
REASSIGN=${REASSIGN:-$DEFAULT_USER}
if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then
break
else
echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}"
fi
done
# delete by username, reassign by username
"${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes --skip-plugins --skip-themes
if [ $? -eq 0 ]; then
echo "$TARGET deleted (content reassigned to $REASSIGN)."
else
cat /home/$USER/web/$DOMAIN/wp-cli-error.log
echo "Failed to delete $TARGET."
fi
else
echo "Deletion cancelled."
fi
break
;;
[Cc]* )
NEW_PASS=$(gen_pass)
"${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --skip-plugins --skip-themes
if [ $? -eq 0 ]; then
echo "Password for username '$TARGET' changed to: $NEW_PASS"
echo "Password for username '$TARGET' changed to: $NEW_PASS" >> /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
chown $USER:$USER /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
chmod 600 /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
else
cat /home/$USER/web/$DOMAIN/wp-cli-error.log
echo "Failed to change password for $TARGET."
fi
break
;;
[Ss]* )
echo "Skipping $TARGET."
break
;;
[Xx]* )
echo "Exiting."
exit 0
;;
* ) echo "Please answer d, c, s, or x." ;;
esac
done
done <<< "$ADMIN_LIST_CSV"
#----------------------------------------------------------#
# flush cache and refresh all security salts #
#----------------------------------------------------------#
echo "-------------------------------------"
echo
echo "Flushing cache and refreshing salts..."
"${WP_RUN[@]}" cache flush
"${WP_RUN[@]}" config shuffle-salts WP_CACHE_KEY_SALT --force
"${WP_RUN[@]}" config shuffle-salts
echo "Cache flushed and salts refreshed."
echo
echo "Done."
if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then
echo "-------------------------------------"
echo "For website $DOMAIN - new wp-admin passwords have been set."
echo "-------------------------------------"
cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
echo "-------------------------------------"
echo ""
read -r -p "== Press Enter to continue..."
fi
exit 0
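Review bot: Each new admin password is appended to `wp-admin-password-change.txt` by root before `chown` and `chmod 600` run, so the file briefly exists with default permissions inside the site's directory, and both the append and the `chown` follow whatever already sits at that path. Holding the path in a variable, refusing a pre-existing symlink with `[ -L "$file" ] && exit 1`, and writing under `(umask 077; echo "…" >> "$file")` closes that window. Passing `--user_pass="$NEW_PASS"` as an argument also exposes the password in the process list while the command runs. Separately, `return_code=$?` after `WP_RUN=(...)` tests an array assignment, which always succeeds, so the "WP-CLI error" branch can never fire. A 10-character alphanumeric password is short for an administrator account, and raising the `head -c 10` length costs nothing.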


@ -90,6 +90,13 @@ if [ $fail2ban_running -eq 1 ]; then
fi fi
if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then
rm /var/lib/fail2ban/fail2ban.sqlite3 rm /var/lib/fail2ban/fail2ban.sqlite3
if [ -f "/etc/nginx/conf.d/block.conf" ]; then
truncate -s 0 /etc/nginx/conf.d/block.conf
nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running')
if [ $nginx_running -eq 1 ]; then
systemctl restart nginx
fi
fi
fi fi
if [ $fail2ban_running -eq 1 ]; then if [ $fail2ban_running -eq 1 ]; then
systemctl start fail2ban systemctl start fail2ban
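Review bot: `nginx_running` is a line count from `grep 'nginx' | grep -c 'running'` compared with `-eq 1`, so a second matching line in the service list skips the restart and leaves nginx serving the old block list from memory even though `block.conf` was truncated. `systemctl is-active --quiet nginx && systemctl reload nginx` asks the question directly and avoids a full restart. The same test is repeated in the new bin/v-clear-fail2ban section below, where `fail2ban_running` follows the same counting pattern.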

59
bin/v-clear-fail2ban Normal file

@ -0,0 +1,59 @@
#!/bin/bash
# info: Clean fail2ban database
# options: NONE
#
# The function is cleaning fail2ban database
#----------------------------------------------------------#
# Verifications & Variable & Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# check if fail2ban is installed
fail2ban_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'fail2ban')
if [ $fail2ban_installed -eq 0 ]; then
echo "Fail2ban is not installed"
exit 1
fi
# Includes
source /usr/local/vesta/func/main.sh
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Cleaning fail2ban database
fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running')
if [ $fail2ban_running -eq 1 ]; then
echo "== Stopping fail2ban"
systemctl stop fail2ban
fi
if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then
echo "== Cleaning fail2ban database"
rm /var/lib/fail2ban/fail2ban.sqlite3
if [ -f "/etc/nginx/conf.d/block.conf" ]; then
echo "== Cleaning nginx block.conf"
truncate -s 0 /etc/nginx/conf.d/block.conf
nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running')
if [ $nginx_running -eq 1 ]; then
echo "== Restarting nginx"
systemctl restart nginx
fi
fi
fi
if [ $fail2ban_running -eq 1 ]; then
echo "== Starting fail2ban"
systemctl start fail2ban
fi
echo "== Done, fail2ban database cleaned"
log_event "$OK" "$ARGUMENTS"
exit


@ -101,7 +101,7 @@ myhelp() {
echo "m def = install php-memcached if needed" echo "m def = install php-memcached if needed"
echo "check fc = check if FreshClam is up" echo "check fc = check if FreshClam is up"
echo "-----------------------------" echo "-----------------------------"
echo "enable-ssh-root-password-login = Allow root password authentication via SSH and set the root password to match the password for the admin account" echo "enable-ssh-root-password-login = Allow root password authentication via SSH"
echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub" echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub"
echo "-----------------------------" echo "-----------------------------"
} }
@ -535,18 +535,11 @@ do
echo "--- New settings ---" echo "--- New settings ---"
grep '^PermitRoot' /etc/ssh/sshd_config grep '^PermitRoot' /etc/ssh/sshd_config
echo "--------------------" echo "--------------------"
root_password=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32)
hashed_root_password=$(openssl passwd -6 "$root_password")
sed -i "s#^root:.*#root:$hashed_root_password#" /etc/shadow
echo "Root password is now a new random password."
echo "New root password: $root_password"
echo "--------------------"
grep '^root:' /etc/shadow
grep '^admin:' /etc/shadow
echo "--------------------"
echo "Port 22 opened in Firewall for all IP addresses." echo "Port 22 opened in Firewall for all IP addresses."
/usr/local/vesta/bin/v-unsuspend-firewall-rule "11" /usr/local/vesta/bin/v-unsuspend-firewall-rule "11"
echo "--------------------" echo "--------------------"
echo "Type 'passwd' in the terminal to set the root password."
echo "--------------------"
fi fi
if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then


@ -0,0 +1,69 @@
#!/bin/bash
# info: delete database if domain has database
# options: DOMAIN
#
# The function for deleting database if domain has database
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Importing system environment
source /etc/profile
# Argument definition
domain=$1
user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
USER=$user
# Includes
source /usr/local/vesta/func/main.sh
if [ -z "$user" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist"
fi
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '1' "$#" 'DOMAIN'
is_format_valid 'domain'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
RET=$OK
# echo "================================="
r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain $domain)
# echo $r
eval $r
# echo "================================="
if [ ! -z "$DATABASE_NAME" ]; then
echo "=== v-delete-database $USER $DATABASE_NAME"
/usr/local/vesta/bin/v-delete-database $USER $DATABASE_NAME
if [ $? -ne 0 ]; then
echo "=== v-delete-database failed"
RET=$E_NOTEXIST
fi
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
log_event "$RET" "$ARGUMENTS"
exit
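Review bot: `eval $r` executes the output of v-get-database-credentials-of-domain as shell code in a script that runs as root; if that helper derives its values from the site's wp-config.php (its source is not on this page), content written by the site owner would reach `eval`. Other commits in this range replace exactly this pattern, and `parse_object_kv_list_non_eval "$r"` would fit here as well, since main.sh is already sourced. The script also ends with a bare `exit`, which returns the status of `log_event` rather than `$RET`, so a caller cannot see a failed deletion; `exit $RET` fixes that. `$domain` is passed unquoted to v-search-domain-owner before `is_format_valid 'domain'` has run.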


@ -37,9 +37,10 @@ is_object_unsuspended 'user' 'USER' "$user"
if [ ! -z "$WEB_SYSTEM" ]; then if [ ! -z "$WEB_SYSTEM" ]; then
str=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf) str=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
if [ ! -z "$str" ]; then if [ ! -z "$str" ]; then
$BIN/v-delete-database-of-domain $domain
domain_found='yes' domain_found='yes'
$BIN/v-delete-web-domain $user $domain 'no' $BIN/v-delete-web-domain $user $domain 'no'
check_result $? "can't suspend web" > /dev/null check_result $? "can't delete web" > /dev/null
fi fi
fi fi
@ -49,7 +50,7 @@ if [ ! -z "$DNS_SYSTEM" ]; then
if [ ! -z "$str" ]; then if [ ! -z "$str" ]; then
domain_found='yes' domain_found='yes'
$BIN/v-delete-dns-domain $user $domain 'no' $BIN/v-delete-dns-domain $user $domain 'no'
check_result $? "can't suspend dns" > /dev/null check_result $? "can't delete dns" > /dev/null
fi fi
fi fi
@ -59,7 +60,7 @@ if [ ! -z "$MAIL_SYSTEM" ]; then
if [ ! -z "$str" ]; then if [ ! -z "$str" ]; then
domain_found='yes' domain_found='yes'
$BIN/v-delete-mail-domain $user $domain $BIN/v-delete-mail-domain $user $domain
check_result $? "can't suspend mail" > /dev/null check_result $? "can't delete mail" > /dev/null
fi fi
fi fi


@ -34,12 +34,21 @@ is_object_valid '../../data/firewall/rules' 'RULE' "$rule"
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
# Deleting rule # Deleting rule
sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf
# Updating system firewall # Updating system firewall
$BIN/v-update-firewall $BIN/v-update-firewall
if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
parse_object_kv_list_non_eval "$oldvalues"
if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
sed -i "/$IP/d" /etc/nginx/conf.d/block-firewall.conf
systemctl restart nginx
fi
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #
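Review bot: `sed -i "/$IP/d"` uses the stored address as an unanchored regular expression with `/` as the delimiter, so removing one rule can also delete the `deny` lines of other addresses that contain it, and an address stored in CIDR form would break the expression on its slash. Matching the whole line as a fixed string avoids both, for example `grep -vxF "deny $IP;" "$f" > "$f.tmp"; mv "$f.tmp" "$f"` with `f` set to the block file. When `$oldvalues` is empty, `$IP` is empty too and the address becomes `//`, which sed rejects, so `[ -n "$IP" ]` belongs in the condition. The enclosing script starts and ends outside the hunk.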


@ -51,6 +51,9 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
rm -f /etc/$MAIL_SYSTEM/domains/$domain_idn rm -f /etc/$MAIL_SYSTEM/domains/$domain_idn
rm -rf $HOMEDIR/$user/conf/mail/$domain rm -rf $HOMEDIR/$user/conf/mail/$domain
rm -rf $HOMEDIR/$user/mail/$domain_idn rm -rf $HOMEDIR/$user/mail/$domain_idn
if [ -d "/hdd/home/$user/mail/$domain_idn" ]; then
rm -rf /hdd/home/$user/mail/$domain_idn
fi
fi fi
# Deleting dkim dns record # Deleting dkim dns record


@ -48,7 +48,7 @@ fi
# Deleting dns record # Deleting dns record
if [ ! -z "$DNS_SYSTEM" ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then if [ ! -z "$DNS_SYSTEM" ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
records=$($BIN/v-list-dns-records $user $domain plain) records=$($BIN/v-list-dns-records $user $domain plain)
dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ') dkim_records=$(echo "$records" |grep -w '_domainkey' | awk '{print $1}')
for id in $dkim_records; do for id in $dkim_records; do
$BIN/v-delete-dns-record $user $domain $id $BIN/v-delete-dns-record $user $domain $id
done done

127
bin/v-delete-mails Normal file

@ -0,0 +1,127 @@
#!/bin/bash
# info: delete old emails (by mtime) for user/domain/account, with optional scope
# usage: v-delete-mails USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE
# SCOPE: all clean every Maildir folder (cur, new, tmp, custom subfolders)
# trash clean only Trash/Junk/Spam folders
# load Vesta functions & config
source "$VESTA/func/main.sh"
source "$VESTA/conf/vesta.conf"
# read arguments
user="$1"
domain="$2"
account="$3"
mtime="$4"
scope="$5"
# verify argument count
check_args '5' "$#" 'USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE'
# validate scope
if [[ "$scope" != "all" && "$scope" != "trash" ]]; then
echo "ERROR: SCOPE must be 'all' or 'trash'."
exit 1
fi
# validate logical combinations
if [[ "$user" == "all" ]]; then
if [[ "$domain" != "all" || "$account" != "all" ]]; then
echo "ERROR: When USER is 'all', both DOMAIN and ACCOUNT must be 'all'."
exit 1
fi
elif [[ "$domain" == "all" && "$account" != "all" ]]; then
echo "ERROR: When DOMAIN is 'all', ACCOUNT must also be 'all'."
exit 1
fi
# build a detailed summary for the warning
declare -a summary_parts
if [[ "$user" == "all" ]]; then
summary_parts+=("all users")
else
summary_parts+=("user '$user'")
fi
if [[ "$domain" == "all" ]]; then
summary_parts+=("all domains")
else
summary_parts+=("domain '$domain'")
fi
if [[ "$account" == "all" ]]; then
summary_parts+=("all accounts")
else
summary_parts+=("account '$account'")
fi
# join with commas
summary=$(printf ", %s" "${summary_parts[@]}")
summary=${summary:2}
# only warn if any of them is 'all' or if mtime is 'all'
if [[ "$mtime" == "all" || "$user" == "all" || "$domain" == "all" || "$account" == "all" ]]; then
echo "WARNING: This will delete emails older than '$mtime' days for ${summary}."
read -p "Are you sure? (yes/no): " confirm
[[ "$confirm" != "yes" ]] && { echo "Aborted."; exit 1; }
fi
# function to delete emails
delete_emails() {
local u="$1" d="$2" a="$3"
local maildir="/home/$u/mail/$d/$a"
[[ ! -d "$maildir" ]] && return
echo "→ Cleaning '$a@$d' (user: $u), scope: $scope, mtime: $mtime"
# build find predicates
if [[ "$scope" == "all" ]]; then
folder_expr=( -path "*/cur/*" -o -path "*/new/*" -o -path "*/tmp/*" )
else
folder_expr=( -ipath "*/trash/*" -o -ipath "*/junk/*" -o -ipath "*/spam/*" )
fi
# assemble and run find
if [[ "$mtime" == "all" ]]; then
find "$maildir" -type f \( "${folder_expr[@]}" \) -print -delete 2>/dev/null
else
find "$maildir" -type f \( "${folder_expr[@]}" \) -mtime +"$mtime" -print -delete 2>/dev/null
fi
}
# collect users
if [[ "$user" == "all" ]]; then
users=$(v-list-users plain | awk '{print $1}')
else
users="$user"
fi
# iterate through users, domains, accounts
for u in $users; do
if [[ "$domain" == "all" ]]; then
domains=$(v-list-mail-domains "$u" plain | awk '{print $1}')
else
domains="$domain"
fi
for d in $domains; do
if [[ "$account" == "all" ]]; then
accounts=$(v-list-mail-accounts "$u" "$d" plain | awk '{print $1}')
else
accounts="$account"
fi
for a in $accounts; do
delete_emails "$u" "$d" "$a"
done
done
done
# restart dovecot to refresh mailbox state
systemctl restart dovecot
# log the action (status first, then message)
log_event "$OK" "Deleted emails (>$mtime days, scope=$scope) for $user $domain $account"
exit 0
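Review bot: `user`, `domain`, `account` and `mtime` go straight from the command line into `maildir="/home/$u/mail/$d/$a"` and `find ... -delete` with no format check, so a value containing `/` or `..` points the root-run delete at a directory outside the mailbox tree. Other v- scripts in this comparison call `is_format_valid` and `is_object_valid` before touching the filesystem; this one should do the same for every argument that is not the literal `all`, and should reject a non-numeric `MTIME_DAYS` instead of letting `find` fail silently behind `2>/dev/null`. The path also hard-codes `/home` where neighbouring scripts use `$HOMEDIR`. A sketch of the checks, to sit right after the scope validation, follows.

```shell
# … unchanged: argument reading, check_args, scope validation …
# validate identifiers before they are used to build a path for find -delete
if [[ "$user" != "all" ]]; then
    is_format_valid 'user'
    is_object_valid 'user' 'USER' "$user"
fi
if [[ "$domain" != "all" ]]; then
    is_format_valid 'domain'
fi
if [[ "$account" != "all" ]]; then
    is_format_valid 'account'
fi
if [[ "$mtime" != "all" && ! "$mtime" =~ ^[0-9]+$ ]]; then
    echo "ERROR: MTIME_DAYS must be a non-negative integer or 'all'."
    exit 1
fi
# … unchanged: logical-combination checks, summary, delete loop …
```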


@ -94,7 +94,7 @@ fi
# Deleting user directories # Deleting user directories
chattr -i $HOMEDIR/$user/conf chattr -i $HOMEDIR/$user/conf
rm -rf $HOMEDIR/$user rm -rf $HOMEDIR/$user
if [ -f "/hdd/home/$user" ]; then if [ -d "/hdd/home/$user" ]; then
rm -rf /hdd/home/$user rm -rf /hdd/home/$user
fi fi
rm -f /var/spool/mail/$user rm -f /var/spool/mail/$user


@ -130,6 +130,9 @@ rm -f /var/log/$WEB_SYSTEM/domains/$domain.error*
# Deleting directory # Deleting directory
rm -rf $HOMEDIR/$user/web/$domain rm -rf $HOMEDIR/$user/web/$domain
if [ -d "/hdd/home/$user/web/$domain" ]; then
rm -rf /hdd/home/$user/web/$domain
fi
#----------------------------------------------------------# #----------------------------------------------------------#

79
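--- a/bin/v-desinfect-wordpress
+++ b/bin/v-desinfect-wordpress
@@ -0,0 +1,79 @@
+#!/bin/bash
+# info: disinfect a WordPress site with several maintenance commands
+# options: DOMAIN
+# -------------------------------------------------------- #
+# variables and checks #
+# -------------------------------------------------------- #
+if [ "$(whoami)" != "root" ]; then
+echo "You must be root to run this command."
+exit 1
+fi
+# make sure all Vesta helper scripts are reachable
+export PATH="/usr/local/vesta/bin:$PATH"
+source /etc/profile
+domain="$1"
+if [ -z "$domain" ]; then
+echo "Usage: v-desinfect-wp DOMAIN"
+exit 1
+fi
+user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain")
+if [ -z "$user" ]; then
+echo "Domain $domain does not exist."
+exit 1
+fi
+# absolute paths to maintenance scripts, in desired order
+declare -a tasks=(
+"/usr/local/vesta/bin/v-change-database-password-for-wordpress"
+"/usr/local/vesta/bin/v-change-wordpress-admin-passwords"
+"/usr/local/vesta/bin/v-fix-wordpress-core"
+"/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
+"INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
+)
+# -------------------------------------------------------- #
+# execution strategy #
+# -------------------------------------------------------- #
+echo
+read -r -p "Run all maintenance steps automatically? (y/n) " run_all < /dev/tty
+if [[ "$run_all" =~ ^[Yy]$ ]]; then
+echo "Running all maintenance steps for $domain"
+automatic=true
+else
+echo
+echo "Selective mode. You will be asked for each step."
+automatic=false
+fi
+for cmd in "${tasks[@]}"; do
+if [ ! -x "$cmd" ]; then
+echo "Command $cmd not found or not executable, skipping."
+continue
+fi
+if [ "$automatic" = false ]; then
+while true; do
+read -r -p "Run $(basename "$cmd") for $domain? (y/n) " yn < /dev/tty
+case "$yn" in
+[Yy]* ) break ;;
+[Nn]* ) echo "Skipping $(basename "$cmd")."; continue 2 ;;
+* ) echo "Please answer y or n." ;;
+esac
+done
+fi
+echo
+echo "=== $(basename "$cmd") $domain ==="
+"$cmd" "$domain"
+done
+echo
+echo "Done."
+exit 0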
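Review bot: The fifth `tasks` entry, `"INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"`, is a single string, so `[ ! -x "$cmd" ]` tests a path that begins with `INTERACTIVE=1 ` and the step is always reported as not executable and skipped. Even if the test passed, `"$cmd" "$domain"` would try to execute that whole string as a program name rather than set the variable. Keep only paths in the array and run the interactive pass explicitly after the loop, e.g. `INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate "$domain"`. The exit status of each step is also discarded, so `Done.` is printed even when a remediation step failed, and the usage text names `v-desinfect-wp` while the file is `v-desinfect-wordpress`.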


@ -52,6 +52,7 @@ find /home/$user/conf/ -type d -exec chown root:root {} \;
find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} + find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} +
find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} + find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} +
find /home/$user/web/*/public_html/ -exec chown $user:$user {} \; find /home/$user/web/*/public_html/ -exec chown $user:$user {} \;
find /home/$user/web/*/ -name "*.php" -type f -exec chmod 600 {} +
echo "Done, permissions fixed for user: $user" echo "Done, permissions fixed for user: $user"
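Review bot: The added `find /home/$user/web/*/ -name "*.php" -type f -exec chmod 600 {} +` tightens PHP files but leaves `.env` files at the 644 set two lines earlier, while the per-domain permissions script changed in this same comparison sets both to 600. Adding `find /home/$user/web/*/ -name ".env" -type f -exec chmod 600 {} +` keeps the two scripts consistent. Mode 600 also assumes PHP runs as the site user; that is not visible from this hunk, and the rest of the script lies outside it.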


@ -18,7 +18,13 @@ source /etc/profile
# Argument definition # Argument definition
domain=$1 domain=$1
user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) # Check if number of arguments is 2
if [ $# -eq 2 ]; then
user=$2
else
user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
fi
USER=$user
# Includes # Includes
source /usr/local/vesta/func/main.sh source /usr/local/vesta/func/main.sh
@ -27,8 +33,6 @@ if [ -z "$user" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist" check_result $E_NOTEXIST "domain $domain doesn't exist"
fi fi
USER=$user
#----------------------------------------------------------# #----------------------------------------------------------#
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
@ -54,14 +58,31 @@ fi
# Going to domain directory # Going to domain directory
cd /home/$USER/web/$domain cd /home/$USER/web/$domain
# Ownership check
if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then
owner=$(stat -c '%U' "public_html/index.php")
if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then
echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)"
exit 1
fi
fi
echo "Updating permissions for /home/$USER/web/$domain/public_html/" echo "Updating permissions for /home/$USER/web/$domain/public_html/"
find public_html/ -type d -exec chmod 755 {} + find public_html/ -type d -exec chmod 755 {} +
find public_html/ -type f -exec chmod 644 {} + find public_html/ -type f -exec chmod 644 {} +
chown -R $USER:$USER public_html/ chown -R $USER:$USER public_html/
# Setting chmod 600 for all php files
echo "= Setting chmod 600 for all php files"
find -name "*.php" -type f -exec chmod 600 {} +
find -name ".env" -type f -exec chmod 600 {} +
find -name "*.php" -type f -exec chown $USER:$USER {} +
find -name ".env" -type f -exec chown $USER:$USER {} +
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #
#----------------------------------------------------------# #----------------------------------------------------------#
echo "Permissions for $domain have been successfully updated." echo "Permissions for $domain have been successfully updated."
exit exit 0
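Review bot: The new `find -name "*.php" ...` and `find -name ".env" ...` calls have no start directory, so they act on whatever the working directory is, and the `cd /home/$USER/web/$domain` above them is not checked. With `user` now taken from `$2` without the owner lookup, a wrong or mistyped user makes the `cd` fail and the root-run `chmod`/`chown` walk the caller's current directory instead. Guard it with `cd "/home/$USER/web/$domain" || exit 1` and name the directory explicitly, e.g. `find . -type f \( -name '*.php' -o -name '.env' \) -exec chmod 600 {} + -exec chown -h "$USER:$USER" {} +`, which also replaces four tree walks with one. `chown -h` avoids changing the target of a symlink swapped in between the `-type f` test and the `chown`. Checks between the hunks are not visible here and may already cover part of this.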


@ -0,0 +1,41 @@
#!/bin/bash
# info: fix website permissions for all websites
# options:
#
# The command is used for fixing website permissions for all websites on the server.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Importing system variables
source /etc/profile
# Includes
source $VESTA/func/main.sh
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
continue;
fi
for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
/usr/local/vesta/bin/v-fix-website-permissions $domain $user
echo "--------------------------------"
done
done
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

110
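--- a/bin/v-fix-wordpress-core
+++ b/bin/v-fix-wordpress-core
@@ -0,0 +1,110 @@
+#!/bin/bash
+# info: fix compromised wp-admin and wp-includes
+# options: DOMAIN [CACHE_DIR]
+#
+# Replaces wp-admin and wp-includes with clean copies that match
+# the WordPress core version detected on the site.
+#
+# Example:
+# v-fix-wp-core example.com
+# v-fix-wp-core example.com /srv/wp-cache
+#----------------------------------------------------------#
+# Variable & Function #
+#----------------------------------------------------------#
+# Arguments
+DOMAIN="$1"
+CACHE_DIR="${2-/srv/wp-cache}" # default cache location
+QUARANTINE_DIR="/srv/wp-quarantine"
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+check_args '1' "$#" 'DOMAIN [CACHE_DIR]'
+is_format_valid 'domain'
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace
+trap 'rm -rf "$TMP_DIR"' EXIT
+# 1etermine WP version
+WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')"
+check_result $? "cannot detect WP version" > /dev/null
+if [ -z "$WP_VERSION" ]; then
+check_result 1 "empty WP version string"
+fi
+echo "Detected WordPress version $WP_VERSION"
+# 2ind site owner and path
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+check_result $? "cannot find domain owner" > /dev/null
+SITE_PATH="/home/$USER/web/$DOMAIN/public_html"
+if [ ! -d "$SITE_PATH" ]; then
+check_result 1 "site path $SITE_PATH does not exist"
+fi
+# ensure cached core is present
+CACHE_PATH="$CACHE_DIR/$WP_VERSION"
+if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then
+echo "Cache for $WP_VERSION missing, downloading ZIP..."
+mkdir -p "$CACHE_PATH"
+ZIP_URL="https://wordpress.org/wordpress-${WP_VERSION}.zip"
+ZIP_FILE="$TMP_DIR/wp.zip"
+curl -fSL "$ZIP_URL" -o "$ZIP_FILE"
+check_result $? "download failed" > /dev/null
+unzip -q "$ZIP_FILE" -d "$TMP_DIR"
+check_result $? "unzip failed" > /dev/null
+mv "$TMP_DIR/wordpress/wp-admin" "$CACHE_PATH/"
+mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/"
+cp "$TMP_DIR/wordpress"/*.php "$CACHE_PATH/"
+fi
+# backup current core folders
+TIMESTAMP="$(date +%Y%m%d%H%M%S)"
+BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/backup-core-$TIMESTAMP"
+mkdir -p "$BACKUP_DIR"
+mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/"
+mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/"
+for f in "$SITE_PATH"/*.php; do
+[[ $(basename "$f") == "wp-config.php" ]] && continue
+mv "$f" "$BACKUP_DIR/"
+done
+if [ -f "$SITE_PATH/.user.ini" ]; then
+mv "$SITE_PATH/.user.ini" "$BACKUP_DIR/"
+fi
+# chown -R www-data:www-data "$BACKUP_DIR"
+check_result $? "backup failed" > /dev/null
+echo "Old core folders moved to $BACKUP_DIR"
+# deploy clean core
+rsync -a --delete "$CACHE_PATH/wp-admin/" "$SITE_PATH/wp-admin/"
+rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/"
+check_result $? "rsync failed" > /dev/null
+for corephp in "$CACHE_PATH"/*.php; do
+base=$(basename "$corephp")
+[ "$base" = "wp-config.php" ] && continue
+rsync -a "$corephp" "$SITE_PATH/$base"
+done
+# fix permissions
+SKIP_OWNERSHIP_CHECK=1 /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN
+# chown -R www-data:www-data "$BACKUP_DIR"
+echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN"
+exit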
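Review bot: `WP_VERSION` is read from the site being repaired, which this script treats as compromised, and is then used unvalidated in `CACHE_PATH="$CACHE_DIR/$WP_VERSION"` and in the download URL. A tampered version string containing `/` or `..` would move the `mkdir -p`, `mv` and `cp` targets outside the cache directory; add a format check right after the empty test, e.g. `[[ "$WP_VERSION" =~ ^[0-9]+(\.[0-9]+){1,2}$ ]] || check_result 1 "unexpected WP version string"` (widen the pattern if pre-release builds must be handled). The `check_result $?` after the version pipeline sees the status of `tr`, not of `v-run-wp-cli`. The downloaded ZIP is cached and reused for every site without an integrity check, so comparing it with the checksum published alongside the release archive before populating `$CACHE_PATH` would be worth adding.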

44
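--- a/bin/v-get-wp-cli
+++ b/bin/v-get-wp-cli
@@ -0,0 +1,44 @@
+#!/bin/bash
+# info: Download WP CLI
+# options: NONE
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+echo "You must be root to execute this script"
+exit 1
+fi
+# Importing system environment
+source /etc/profile
+if [ ! -f "/usr/local/bin/composer" ]; then
+echo "= Composer is not installed. Installing..."
+php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+php composer-setup.php --install-dir=/usr/local/bin --filename=composer
+php -r "unlink('composer-setup.php');"
+echo "= Composer installed successfully."
+fi
+if [ -d "/usr/local/bin/wp-cli" ]; then
+echo "= Removing old WP CLI..."
+rm -rf /usr/local/bin/wp-cli
+fi
+cd /usr/local/bin
+git clone https://github.com/wp-cli/wp-cli.git
+chown -R www-data:www-data wp-cli
+cd wp-cli/
+sudo -H -u www-data composer install
+# Fix terminal columns issue for WP CLI
+/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php'
+echo "= WP CLI installed successfully."
+exit 0;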
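Review bot: `chown -R www-data:www-data wp-cli` leaves the whole wp-cli tree writable by `www-data` (presumably the web-server account), yet the run-wp-cli change in this comparison executes `/usr/local/bin/wp-cli/php/boot-fs.php` as each site user. Code writable by one account and executed by others crosses the per-user separation; after `composer install`, hand the tree back with `chown -R root:root /usr/local/bin/wp-cli`. The clone also takes whatever the default branch holds at install time, so pinning a release with `git clone --depth 1 --branch <release-tag> https://github.com/wp-cli/wp-cli.git` (tag to be chosen by the maintainer) makes installs reproducible. The Composer installer is fetched and run as root without the installer checksum verification that Composer's download instructions describe.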


@ -157,11 +157,15 @@ for sk_dbr in $sk_db_list
echo " Create and restore ${sk_dbr} " echo " Create and restore ${sk_dbr} "
sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create
sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create
v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.create; then
v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create
fi
mysql < mysql/${sk_dbr}.create mysql < mysql/${sk_dbr}.create
sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql
sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql
v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.sql; then
v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql
fi
mysql ${sk_dbr} < mysql/${sk_dbr}.sql mysql ${sk_dbr} < mysql/${sk_dbr}.sql
else else
echo "Error: Cant restore database $sk_dbr alredy exists in mysql server" echo "Error: Cant restore database $sk_dbr alredy exists in mysql server"


@ -52,7 +52,9 @@ fi
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
/usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain" if [ -f "/home/$user/conf/web/ssl.$domain.crt" ]; then
/usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain"
fi
release=$(cat /etc/debian_version | tr "." "\n" | head -n1) release=$(cat /etc/debian_version | tr "." "\n" | head -n1)


@ -95,19 +95,22 @@ PASSWDDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
PROTOCOL='http' PROTOCOL='https'
if [ -z "$SKIP_LE" ]; then
if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then
/usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes" echo "== Trying to install LetsEncrypt for domain $domain"
fi /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes"
else fi
PROTOCOL='https'
if [ ! -z "$FORCE_HTTP" ]; then
# Switch to http:// only if --FORCE_HTTP parameter is set
echo "== Force http://"
PROTOCOL='http'
fi fi
TPL_CHANGED=0; TPL_CHANGED=0;
if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then if [ "$PROTOCOL" = "https" ]; then
PROTOCOL='https'
if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then
TPL_CHANGED=1; TPL_CHANGED=1;
/usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
@ -116,7 +119,8 @@ if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then
TPL_CHANGED=1; TPL_CHANGED=1;
/usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
fi fi
else fi
if [ "$PROTOCOL" = "http" ]; then
if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then
TPL_CHANGED=1; TPL_CHANGED=1;
/usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
@ -147,11 +151,11 @@ sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user="
mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';" mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';"
echo "=================================================================" echo "================================================================="
echo "Installation is complete. Your username/password is listed below." echo "Your WordPress installation is complete."
echo "" echo ""
echo "Site: $PROTOCOL://$domain/" echo "Website URL: $PROTOCOL://$domain/"
echo "" echo ""
echo "Login: $PROTOCOL://$domain/wp-admin/" echo "WordPress admin login: $PROTOCOL://$domain/wp-admin/"
echo "Username: $wpadmin" echo "Username: $wpadmin"
echo "Password: $password" echo "Password: $password"
echo "" echo ""
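Review bot: `PROTOCOL` now defaults to `https` and the result of `v-add-letsencrypt-domain` is never checked, so when certificate issuance fails the force-https template is still applied and `siteurl`/`home` are written with `https://` for a domain that has no certificate. As far as the rendered diff shows, the old code chose `https` only when `ssl.$domain.ca` existed. Inside the branch where `SKIP_LE` is unset, fall back after the attempt: `[ -f "/home/$user/conf/web/ssl.$domain.ca" ] || PROTOCOL='http'`. The script continues before and after these hunks.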


@ -54,7 +54,8 @@ json_list() {
"SOFTACULOUS": "'$SOFTACULOUS'", "SOFTACULOUS": "'$SOFTACULOUS'",
"MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'", "MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'",
"MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'", "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
"VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'" "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'",
"DISABLE_IP_CHECK": "'$DISABLE_IP_CHECK'"
} }
}' }'
} }


@ -11,10 +11,4 @@ if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i
fi fi
systemctl restart apache2 systemctl restart apache2
if [ ! -f "/root/analyze-traffic-per-time.php" ]; then wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic.php -O /root/analyze-traffic.php
wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-time.php -O /root/analyze-traffic-per-time.php
wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-time.php -O /root/analyze-traffic-per-site-sort-by-time.php
wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-hits.php -O /root/analyze-traffic-per-site-sort-by-hits.php
wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-time.php -O /root/analyze-traffic-per-ip-sort-by-time.php
wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-hits.php -O /root/analyze-traffic-per-ip-sort-by-hits.php
fi
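Review bot: The new `wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic.php -O /root/analyze-traffic.php` fetches a PHP script over plain HTTP into `/root` with no integrity check, and it appears to run on every invocation now that the file-exists guard is gone. Anyone able to alter the response in transit controls a script that an administrator will later run as root. Use the `https://` form of the URL if the host serves it, and compare the file with a pinned checksum before keeping it.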


@ -92,31 +92,51 @@ fi
# Update Wordfence WAF Path # # Update Wordfence WAF Path #
#----------------------------------------------------------# #----------------------------------------------------------#
# Path to .user.ini file filepath="/home/USER_TO/web/$domain/public_html/.user.ini"
user_ini="$USER_DATA/web/$domain/public_html/.user.ini" filename=$(basename $filepath)
# Check if .user.ini exists # Check if file exists
if [ -f "$user_ini" ]; then if [ -f "$filepath" ]; then
echo "Updating .user.ini with new user path..." echo "Updating $filename with new user path..."
# Temporary file for modification # Temporary file for modification
tmp_file=$(mktemp) tmp_file=$(mktemp)
# Change path from old USER to new USER_TO # Change path from old USER to new USER_TO
sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$user_ini" > "$tmp_file" sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file"
# Check if replacement was successful and update .user.ini # Check if replacement was successful and update file
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
mv "$tmp_file" "$user_ini" mv "$tmp_file" "$filepath"
echo ".user.ini updated successfully." echo "$filename updated successfully."
else else
echo "Failed to update .user.ini file." echo "Failed to update $filename file."
rm "$tmp_file" # Deletes temporary file rm "$tmp_file" # Deletes temporary file
fi fi
else
echo ".user.ini does not exist, no changes made."
fi fi
filepath="/home/USER_TO/web/$domain/public_html/wordfence-waf.php"
filename=$(basename $filepath)
# Check if file exists
if [ -f "$filepath" ]; then
echo "Updating $filename with new user path..."
# Temporary file for modification
tmp_file=$(mktemp)
# Change path from old USER to new USER_TO
sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file"
# Check if replacement was successful and update file
if [ $? -eq 0 ]; then
mv "$tmp_file" "$filepath"
echo "$filename updated successfully."
else
echo "Failed to update $filename file."
rm "$tmp_file" # Deletes temporary file
fi
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #
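Review bot: Both new `filepath` assignments use the literal text `USER_TO` (`/home/USER_TO/web/$domain/...`) instead of the variable, so the `-f` test never succeeds and neither `.user.ini` nor `wordfence-waf.php` is ever rewritten. It should read `filepath="/home/$USER_TO/web/$domain/public_html/.user.ini"`, and likewise for `wordfence-waf.php`. Once the block does run, `mv "$tmp_file" "$filepath"` replaces the file with one created by `mktemp`, which is mode 600 and owned by the invoking user, so restore ownership and mode afterwards or use `sed -i` on the file directly. The `sed` pattern `/home/$owner/public_html` also looks too short to match a path of the form `/home/$owner/web/$domain/public_html`; worth confirming against a real Wordfence file.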


@ -19,6 +19,8 @@ fi
FROMFOLDER=$1 FROMFOLDER=$1
TOFOLDER=$2 TOFOLDER=$2
echo "Executing: v-move-folder-and-make-symlink $1 $2"
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
@ -26,6 +28,16 @@ source $VESTA/func/main.sh
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
if [ -z "$FROMFOLDER" ]; then
echo "First parameter is empty, aborting"
exit 1
fi
if [ -z "$TOFOLDER" ]; then
echo "Second parameter is empty, aborting"
exit 1
fi
# Trimming the ending slash, just in case # Trimming the ending slash, just in case
FROMFOLDER=$(echo "$FROMFOLDER" | sed 's:/*$::') FROMFOLDER=$(echo "$FROMFOLDER" | sed 's:/*$::')
TOFOLDER=$(echo "$TOFOLDER" | sed 's:/*$::') TOFOLDER=$(echo "$TOFOLDER" | sed 's:/*$::')
@ -66,19 +78,21 @@ fi
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
rsync -a "$FROMFOLDER/" "$TOFOLDER/"
# with slashes on the end of the path of both folders
if [ "$?" -ne 0 ]; then
echo "Error happened, aborting"
exit 1
fi
if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then
# if we are moving myVesta home folder, we must remove immutable attribute from conf/ files # if we are moving myVesta home folder, we must remove immutable attribute from conf/ files
chattr -R -i "$FROMFOLDER/conf/" > /dev/null 2>&1 chattr -R -i "$FROMFOLDER/conf/" > /dev/null 2>&1
# with slashes on the end of the path of the folder # with slashes on the end of the path of the folder
fi fi
# rsync -a "$FROMFOLDER/" "$TOFOLDER/"
# with slashes on the end of the path of both folders
mv "$FROMFOLDER" "$TOFOLDER"
if [ "$?" -ne 0 ]; then
echo "Error happened, aborting"
exit 1
fi
rm -rf "$FROMFOLDER" rm -rf "$FROMFOLDER"
# without slash on the end of the path of the folder # without slash on the end of the path of the folder
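Review bot: Replacing `rsync -a "$FROMFOLDER/" "$TOFOLDER/"` with `mv "$FROMFOLDER" "$TOFOLDER"` changes the result when `$TOFOLDER` already exists as a directory: `mv` then places the source inside it as `$TOFOLDER/<basename>` instead of making it the target. If the verifications outside these hunks do not already refuse an existing target, use `mv -T "$FROMFOLDER" "$TOFOLDER"` so that a non-empty target makes the move fail instead. After a successful `mv`, the following `rm -rf "$FROMFOLDER"` has nothing left to remove and could be dropped.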


@ -36,10 +36,13 @@ fi
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
VERBOSE_MODE=1
check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND' check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND'
is_format_valid 'domain' is_format_valid 'domain'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
is_object_unsuspended 'web' 'DOMAIN' "$domain"
if [ ! -d "/home/$user" ]; then if [ ! -d "/home/$user" ]; then
# echo "User doesn't exist"; # echo "User doesn't exist";
@ -58,22 +61,42 @@ if ! command -v wp &> /dev/null; then
echo "WP CLI installed successfully." echo "WP CLI installed successfully."
fi fi
if [ ! -d "/home/$user/web/$domain/public_html" ]; then wpcli="/usr/local/bin/wp"
# echo "Domain doesn't exist";
exit 1; if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then
wpcli="/usr/local/bin/wp-cli/php/boot-fs.php"
COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}')
echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS
fi fi
phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") mkdir -p /home/$user/.wp-cli
chown $user:$user /home/$user/.wp-cli
if [ -z "$PHP" ]; then
phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain")
else
phpver=$PHP
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
cd /home/$USER/web/$domain/public_html cd /home/$USER/web/$domain/public_html
sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log
return_code=$?
if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then
rm /usr/local/bin/wp-cli/COLUMNS
fi
# echo "WP CLI: Done."
# echo "To see Warning/Error log: "
# echo "cat /home/$user/web/$domain/wp-cli-error.log"
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #
#----------------------------------------------------------# #----------------------------------------------------------#
exit 0; exit $return_code;
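Review bot: The redirection `2>/home/$user/web/$domain/wp-cli-error.log` is opened by the calling root shell before `sudo` drops privileges, so root creates or truncates a file inside a directory the site user presumably controls. If that name is a symlink, root follows it. Open the log as the site user instead (move the redirection inside the command that `sudo -u $USER` runs) or write it to a root-owned log directory. The same applies to `echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS`, which is written as root into a tree the installer hands to `www-data`, and which is a single shared file that concurrent runs will overwrite and delete under each other. `$PHP` is also used in `/usr/bin/php$phpver` without a format check.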


@ -58,6 +58,8 @@ chown -R $user:$user public_html/
rm public_html/wp-content/uploads/.htaccess rm public_html/wp-content/uploads/.htaccess
/usr/local/vesta/bin/v-fix-website-permissions $domain
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #
#----------------------------------------------------------# #----------------------------------------------------------#


@ -0,0 +1,48 @@
#!/bin/bash
# info: fix website permissions for all websites
# options:
#
# The command is used for fixing website permissions for all websites on the server.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Importing system variables
source /etc/profile
# Includes
source $VESTA/func/main.sh
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
continue;
fi
for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
cp /usr/local/vesta/data/templates/web/skel/document_errors/403.html /home/$user/web/$domain/document_errors/403.html
cp /usr/local/vesta/data/templates/web/skel/document_errors/404.html /home/$user/web/$domain/document_errors/404.html
cp /usr/local/vesta/data/templates/web/skel/document_errors/50x.html /home/$user/web/$domain/document_errors/50x.html
sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/403.html
sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/404.html
sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/50x.html
chown $user:$user /home/$user/web/$domain/document_errors/*
chmod 644 /home/$user/web/$domain/document_errors/*
done
done
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit
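Review bot: The header of this new script is copied from the fix-permissions script (`# info: fix website permissions for all websites`), while the body copies the 403/404/50x templates into every domain; the comment should say so, e.g. `# info: update document_errors pages for all websites`. The `cp`, `sed -i`, `chown` and `chmod` run as root inside `document_errors/`, a directory the site user can presumably write to, and `chown $user:$user /home/$user/web/$domain/document_errors/*` follows symlinks. Limit the ownership change to the three files just written and use `chown -h`, and copy with `cp --remove-destination` so an existing link is replaced rather than written through.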


@ -49,7 +49,8 @@ dom_diks=0
for account in $(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT'); do for account in $(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT'); do
home_dir=$HOMEDIR/$user/mail/$domain/$account home_dir=$HOMEDIR/$user/mail/$domain/$account
if [ -e "$home_dir" ]; then if [ -e "$home_dir" ]; then
udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 ) cd $home_dir
udisk=$(nice -n 19 du -shm ./ | cut -f 1 )
else else
udisk=0 udisk=0
fi fi
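Review bot: The new `cd $home_dir` is unquoted and its result is not checked, so when the directory cannot be entered the following `du -shm ./` measures whatever directory the script was already in and records that as the account's usage. It also changes the working directory for the rest of the loop. Keeping the directory change inside the substitution avoids both: `udisk=$(cd "$home_dir" && nice -n 19 du -shm . | cut -f 1)`. The enclosing loop starts and ends outside the hunk.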


@ -35,9 +35,9 @@ fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Starting loop # Starting loop
for domain in $(search_objects 'mail' 'SUSPENDED' "no" 'DOMAIN'); do for domain in $(list_objects 'mail' 'DOMAIN'); do
dom_diks=0 dom_diks=0
accounts=$(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT') accounts=$(list_objects "mail/$domain" 'ACCOUNT')
for account in $accounts; do for account in $accounts; do
home_dir=$HOMEDIR/$user/mail/$domain/$account home_dir=$HOMEDIR/$user/mail/$domain/$account
if [ -e "$home_dir" ]; then if [ -e "$home_dir" ]; then


@ -50,6 +50,14 @@ if [ -e "$home_dir" ]; then
disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 )
fi fi
# Defining hdd home directory
home_dir="/hdd$HOMEDIR/$user/web/$domain/"
# Checking home directory exist
if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then
disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 )
disk_usage=$(( disk_usage + disk_usage2 ))
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #
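Review bot: The symlink guard `[[ ! -L "$home_dir" ]]` tests a path that ends in `/` (`home_dir="/hdd$HOMEDIR/$user/web/$domain/"`). With a trailing slash the link is resolved before the test, so `-L` reports false even when the domain directory is a symlink, and the guard never skips anything. If the intent is to avoid counting a linked directory twice, test the path without the slash: `[[ ! -L "${home_dir%/}" ]]`. The same check appears in the web-domain loop of the per-user script further down this page. `$home_dir` is also unquoted in the added `du` call.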


@ -32,11 +32,16 @@ is_object_valid 'user' 'USER' "$user"
#----------------------------------------------------------# #----------------------------------------------------------#
# Domain loop # Domain loop
for domain in $(search_objects 'web' 'SUSPENDED' "no" 'DOMAIN'); do for domain in $(list_objects 'web' 'DOMAIN'); do
home_dir="$HOMEDIR/$user/web/$domain/" home_dir="$HOMEDIR/$user/web/$domain/"
if [ -e "$home_dir" ]; then if [ -e "$home_dir" ]; then
disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 )
fi fi
home_dir="/hdd$HOMEDIR/$user/web/$domain/"
if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then
disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 )
disk_usage=$(( disk_usage + disk_usage2 ))
fi
update_object_value 'web' 'DOMAIN' "$domain" '$U_DISK' "$disk_usage" update_object_value 'web' 'DOMAIN' "$domain" '$U_DISK' "$disk_usage"
done done
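Review bot: `disk_usage` is not reset at the top of the loop body, so the added `disk_usage=$(( disk_usage + disk_usage2 ))` adds the `/hdd` figure to the previous domain's value whenever the first `-e "$home_dir"` test fails for the current domain. The stale value is then written by `update_object_value` as this domain's `U_DISK`. Adding `disk_usage=0` as the first line inside the `for` makes each iteration independent.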


@ -58,7 +58,7 @@ mysql_query() {
mysql_dump() { mysql_dump() {
err="/tmp/e.mysql" err="/tmp/e.mysql"
mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err mysqldump --defaults-file=$mycnf --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB -r $1 $2 2> $err
if [ '0' -ne "$?" ]; then if [ '0' -ne "$?" ]; then
rm -rf $tmpdir rm -rf $tmpdir
if [ "$notify" != 'no' ]; then if [ "$notify" != 'no' ]; then
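Review bot: Adding `--force` to the `mysqldump` call makes the dump continue past SQL errors, so a backup file with tables missing can be written. The `if [ '0' -ne "$?" ]` check below is then the only thing that still flags it, so confirm that the exit status stays non-zero with `--force` on the client versions this runs against. The size is written `--max-allowed-packet=1024MB`, while the documented suffixes are `K`, `M` and `G`; `1G` expresses the same limit without depending on how the trailing `B` is parsed. `mysql_dump` continues past the end of the hunk.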


@ -53,6 +53,7 @@ function myvesta_check_args ($requried_arguments, $arguments) {
$argument_counter=count($argv); $argument_counter=count($argv);
$argument_counter--; $argument_counter--;
$argv[0]=str_replace('/usr/local/vesta/bin/', '', $argv[0]); $argv[0]=str_replace('/usr/local/vesta/bin/', '', $argv[0]);
$command=$argv[0];
// myvesta_echo ( "-------------------- ".$argv[0]." --------------------\n"); // myvesta_echo ( "-------------------- ".$argv[0]." --------------------\n");
if ($argument_counter<$requried_arguments) { if ($argument_counter<$requried_arguments) {
$arguments=str_replace(" ", "' '", $arguments); $arguments=str_replace(" ", "' '", $arguments);
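Review bot: The added `$command=$argv[0];` sits inside `myvesta_check_args`, so unless `$command` is declared `global` above the hunk it is a local that nothing in the visible lines reads. If other code is meant to see the command name, make the scope explicit and add a comment such as `// command name without the bin path, read by <caller>`. The function's start and end are outside the hunk, so this may already be handled there.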


@ -254,6 +254,9 @@ is_object_unsuspended() {
spnd=$(grep "$2='$3'" $USER_DATA/$1.conf |grep "SUSPENDED='yes'") spnd=$(grep "$2='$3'" $USER_DATA/$1.conf |grep "SUSPENDED='yes'")
fi fi
if [ ! -z "$spnd" ]; then if [ ! -z "$spnd" ]; then
if [ ! -z "$VERBOSE_MODE" ]; then
echo "Error: $(basename $1) $3 is suspended"
fi
check_result $E_SUSPENDED "$(basename $1) $3 is suspended" check_result $E_SUSPENDED "$(basename $1) $3 is suspended"
fi fi
} }
@ -359,6 +362,17 @@ search_objects() {
IFS="$OLD_IFS" IFS="$OLD_IFS"
} }
# List objects
list_objects() {
OLD_IFS="$IFS"
IFS=$'\n'
for line in $(cat $USER_DATA/$1.conf); do
eval $line
eval echo \$$2
done
IFS="$OLD_IFS"
}
# Get user value # Get user value
get_user_value() { get_user_value() {
grep "^${1//$/}=" $USER_DATA/user.conf |awk -F "'" '{print $2}' grep "^${1//$/}=" $USER_DATA/user.conf |awk -F "'" '{print $2}'
@ -1143,3 +1157,82 @@ check_if_service_exists() {
echo "0" echo "0"
fi fi
} }
# Parsing config variables with key='value' and key="value" pairs and setting them as variables, without using Perl.
# Inspired by HestiaCP function and improved
parse_object_kv_list_non_eval() {
# Let's combine all the parameters into one string, replace the new lines with a space
local str="${*//$'\n'/ }"
str=${str//\\\'/---QUOTE---}
str=${str//\\\"/---DQUOTE---}
local backup_str=$str
local key val match i length length_val prefix position cut
i=0
# Searching for key='value' blocks
# Loop until we find the next key='value'
while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\'([^\']*)\' ]]; do
key="${BASH_REMATCH[1]}"
val="${BASH_REMATCH[2]}"
match="${BASH_REMATCH[0]}"
length=${#match}
length_val=${#match}
# Key validation: alphanumeric, length 266 (key must start and end with a letter/number)
if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then
check_result "$E_INVALID" "Invalid key format [$key]"
fi
# Declaring a global variable
val=${val/---QUOTE---/\\\'}
val=${val/---DQUOTE---/\\\"}
declare -g "$key"="$val"
# Let's remove the processed part from str to continue
prefix=${str%%"$key="*}
position=${#prefix}
cut=$((position + 1 + length_val))
str=${str:cut}
((i++))
if [ $i -eq 100 ]; then
check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected"
fi
done
# Terminate function if we don't expect strings with double apostrophes
if [ -z "$PARSE_DOUBLE_QUOTES_VAR" ]; then
return;
fi
# Searching for key="value" blocks
str=$backup_str
i=0
# Loop until we find the next key="value"
while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\"([^\"]*)\" ]]; do
key="${BASH_REMATCH[1]}"
val="${BASH_REMATCH[2]}"
match="${BASH_REMATCH[0]}"
length=${#match}
length_val=${#match}
# Key validation: alphanumeric, length 266 (key must start and end with a letter/number)
if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then
check_result "$E_INVALID" "Invalid key format [$key]"
fi
# Declaring a global variable
val=${val/---QUOTE---/\\\'}
val=${val/---DQUOTE---/\\\"}
declare -g "$key"="$val"
# Let's remove the processed part from str to continue
prefix=${str%%"$key="*}
position=${#prefix}
cut=$((position + 1 + length_val))
str=${str:cut}
((i++))
if [ $i -eq 100 ]; then
check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected"
fi
done
}
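Review bot: The new `list_objects` runs `eval $line` on every line of `$USER_DATA/$1.conf`, in the same file section that adds `parse_object_kv_list_non_eval` for reading these key='value' lines without `eval`. Any shell syntax that reaches a conf line is executed with the privileges of the calling script, and the disk-usage scripts on this page now call it for every mail and web domain of a user. Using the parser inside the loop avoids that: `parse_object_kv_list_non_eval "$line"` followed by `echo "${!2}"`. Separately, in the parser `${val/---QUOTE---/\\\'}` restores only the first escaped quote in a value (`//` replaces all), and the comment says `length 266` where the pattern allows 2 to 66 characters.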


@ -1,11 +1,11 @@
#!/bin/bash #!/bin/bash
# Changing public_html permission # Changing public_html permission
user="$1" user="$1"
domain="$2" domain="$2"
ip="$3" ip="$3"
home_dir="$4" home_dir="$4"
docroot="$5" docroot="$5"
chmod 755 $docroot chmod 755 $docroot
exit 0 exit 0


@ -1,11 +1,11 @@
#!/bin/bash #!/bin/bash
# Changing public_html permission # Changing public_html permission
user="$1" user="$1"
domain="$2" domain="$2"
ip="$3" ip="$3"
home_dir="$4" home_dir="$4"
docroot="$5" docroot="$5"
chmod 755 $docroot chmod 755 $docroot
exit 0 exit 0


@ -1,11 +1,11 @@
#!/bin/bash #!/bin/bash
# Changing public_html permission # Changing public_html permission
user="$1" user="$1"
domain="$2" domain="$2"
ip="$3" ip="$3"
home_dir="$4" home_dir="$4"
docroot="$5" docroot="$5"
chmod 755 $docroot chmod 755 $docroot
exit 0 exit 0


@ -491,10 +491,16 @@ echo -e "\n\n"
# Asking for confirmation to proceed # Asking for confirmation to proceed
if [ "$interactive" = 'yes' ]; then if [ "$interactive" = 'yes' ]; then
read -p 'Would you like to continue [y/n]: ' answer prompt_to_continue=1;
if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then if [ ! -z "$email" ] && [ ! -z "$secret_url" ] && [ ! -z "$port" ] && [ ! -z "$servername" ]; then
echo 'Goodbye' prompt_to_continue=0;
exit 1 fi
if [ $prompt_to_continue -eq 1 ]; then
read -p 'Would you like to continue [y/n]: ' answer
if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then
echo 'Goodbye'
exit 1
fi
fi fi
# Asking for contact email # Asking for contact email
@ -753,31 +759,37 @@ if [ "$mysql" = 'no' ]; then
fi fi
if [ "$mysql8" = 'yes' ]; then if [ "$mysql8" = 'yes' ]; then
echo "=== Preparing MySQL 8 apt repo" echo "=== Preparing MySQL 8 apt repo"
software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//') if [ "$release" -lt 12 ]; then
software=$(echo "$software" | sed -e 's/exim4//') software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//')
#software="$software php-mysql roundcube-mysql" software=$(echo "$software" | sed -e 's/exim4//')
echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list #software="$software php-mysql roundcube-mysql"
echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list
echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list
echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list
echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list
echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list
echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list
echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list
echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list
# apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29
key="467B942D3A79BD29" # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29
readonly key key="467B942D3A79BD29"
GNUPGHOME="$(mktemp -d)" readonly key
export GNUPGHOME GNUPGHOME="$(mktemp -d)"
for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80) export GNUPGHOME
do for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80)
gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break do
done gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break
gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg done
gpgconf --kill all gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg
rm -rf "${GNUPGHOME}" gpgconf --kill all
unset GNUPGHOME rm -rf "${GNUPGHOME}"
unset GNUPGHOME
else
# check latest on: https://dev.mysql.com/downloads/repo/apt/
wget https://dev.mysql.com/get/mysql-apt-config_0.8.34-1_all.deb
dpkg -i mysql-apt-config_0.8.34-1_all.deb
fi
mpass=$(gen_pass) mpass=$(gen_pass)
debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password $mpass" debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password $mpass"
@ -1575,6 +1587,15 @@ if [ "$spamd" = 'yes' ]; then
echo "=== Patching spamassassin dns_server" echo "=== Patching spamassassin dns_server"
sed -i "s/report_safe 1/report_safe 1\n\ndns_server 127.0.0.1/g" /etc/spamassassin/local.cf sed -i "s/report_safe 1/report_safe 1\n\ndns_server 127.0.0.1/g" /etc/spamassassin/local.cf
echo "== Adding myVesta rules to SpamAssassin"
cat <<EOF > /etc/spamassassin/myvesta.cf
score RCVD_IN_RP_SAFE 0
score RCVD_IN_RP_CERTIFIED 0
score SPF_FAIL 3.0
score SPF_SOFTFAIL 4.0
score SPF_NONE 4.0
EOF
wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf
ensure_startup $currentservice ensure_startup $currentservice
systemctl restart $currentservice systemctl restart $currentservice
@ -1684,6 +1705,20 @@ if [ "$fail2ban" = 'yes' ]; then
chmod 640 /var/log/auth.log chmod 640 /var/log/auth.log
chown root:adm /var/log/auth.log chown root:adm /var/log/auth.log
fi fi
if [ "$proftpd" = 'yes' ]; then
cat <<EOF >> /etc/fail2ban/jail.local
[proftpd]
enabled = true
filter = proftpd
action = vesta[name=FTP]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(proftpd_log)s
backend = %(proftpd_backend)s
maxretry = 5
EOF
fi
#update-rc.d fail2ban defaults #update-rc.d fail2ban defaults
currentservice='fail2ban' currentservice='fail2ban'
ensure_startup $currentservice ensure_startup $currentservice
@ -2052,7 +2087,6 @@ if [ "$port" != "8083" ]; then
$VESTA/bin/v-change-vesta-port $port $VESTA/bin/v-change-vesta-port $port
fi fi
echo "=== Set URL for phpmyadmin"
echo "DB_PMA_URL='https://$servername/phpmyadmin/'" >> $VESTA/conf/vesta.conf echo "DB_PMA_URL='https://$servername/phpmyadmin/'" >> $VESTA/conf/vesta.conf
if [ "$release" -gt 9 ]; then if [ "$release" -gt 9 ]; then
echo "=== Set max_length_of_MySQL_username=80" echo "=== Set max_length_of_MySQL_username=80"
@ -2060,12 +2094,17 @@ if [ "$release" -gt 9 ]; then
fi fi
echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf
echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf
echo "================================================================" echo "=== Adding FileManager license to vesta.conf"
echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf
# Removing old PHP sessions files # Removing old PHP sessions files
crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - touch /var/spool/cron/crontabs/root
echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;" >> /var/spool/cron/crontabs/root
echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile if [ -f "/root/.bash_profile" ]; then
echo "=== Adding v-cd-www alias to root bash profile"
echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# myVesta Access Info # # myVesta Access Info #
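Review bot: In the new `else` branch of the MySQL 8 hunk (release 12 and later), `mysql-apt-config_0.8.34-1_all.deb` is fetched with `wget` and passed straight to `dpkg -i` as root, with no integrity check and no test that the download succeeded. That package sets up the apt source and signing key that every later MySQL package is trusted through, so pin it to a known digest. Download into a temporary directory, then run `echo "<EXPECTED_SHA256>  mysql-apt-config_0.8.34-1_all.deb" | sha256sum -c - || exit 1` before `dpkg -i`, with the digest taken from the vendor's download page. Further down, `touch /var/spool/cron/crontabs/root` plus `>>` replaces the `crontab -` pipeline; a file created that way gets the default mode and ownership, which cron may reject, so confirm it ends up `0600`.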


@ -405,8 +405,8 @@ if [ "$inst_84" -eq 1 ]; then
fi fi
apt update > /dev/null 2>&1 # apt update > /dev/null 2>&1
apt upgrade -y > /dev/null 2>&1 # apt upgrade -y > /dev/null 2>&1
if [ $debian_version -ge 10 ]; then if [ $debian_version -ge 10 ]; then
a2dismod ruid2 > /dev/null 2>&1 a2dismod ruid2 > /dev/null 2>&1
@ -454,6 +454,10 @@ if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
echo "=== upgrading tailf_apache_error.php done." echo "=== upgrading tailf_apache_error.php done."
sleep 3 sleep 3
echo "" echo ""
echo "Everything done."
echo ""
fi fi
# Fixing php.ini files to have the correct disable_functions line
/usr/local/vesta/bin/v-fix-php-ini-disable-functions
echo "Everything done."
echo ""
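Review bot: The added call to `/usr/local/vesta/bin/v-fix-php-ini-disable-functions` runs unconditionally and its exit status is ignored, so `Everything done.` is printed even when the `disable_functions` fix did not apply. Since that setting is a hardening measure, a failed run should be visible: `/usr/local/vesta/bin/v-fix-php-ini-disable-functions || echo "=== v-fix-php-ini-disable-functions failed"`. The two `apt` lines are left commented out rather than removed; a short comment saying why the upgrade step was dropped would help the next reader.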


@ -1,243 +1,243 @@
LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE
OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com) OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com)
YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE
LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP
LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU
DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY
AND/OR USE THE LOADER SOFTWARE. AND/OR USE THE LOADER SOFTWARE.
DEFINITIONS DEFINITIONS
The following definitions shall apply in this document: The following definitions shall apply in this document:
LOADER shall mean the ionCube PHP Loader software package or collection LOADER shall mean the ionCube PHP Loader software package or collection
of Loaders, including any modifications or upgrades to the software, used for of Loaders, including any modifications or upgrades to the software, used for
executing PHP scripts previously encoded with the ionCube PHP Encoder executing PHP scripts previously encoded with the ionCube PHP Encoder
software to render them non-humanly readable, and any associated software to render them non-humanly readable, and any associated
documentation or electronic or online materials relating to the software. documentation or electronic or online materials relating to the software.
ENCODER shall mean any ionCube PHP Encoder software or service used for the ENCODER shall mean any ionCube PHP Encoder software or service used for the
purpose of producing non-humanly readable encoded files from PHP scripts. purpose of producing non-humanly readable encoded files from PHP scripts.
ENCODED FILE shall mean a non-humanly readable file produced by the ENCODED FILE shall mean a non-humanly readable file produced by the
Encoder and being derived from humanly readable PHP script source. Encoder and being derived from humanly readable PHP script source.
PROVIDER shall mean ionCube Ltd. PROVIDER shall mean ionCube Ltd.
USER/YOU shall mean any entity who has downloaded or obtained through any USER/YOU shall mean any entity who has downloaded or obtained through any
other means a version of the Loader software. other means a version of the Loader software.
1 LICENSE ENTITLEMENT 1 LICENSE ENTITLEMENT
1.1 The Loader is provided without charge. Title to the Loader does not pass 1.1 The Loader is provided without charge. Title to the Loader does not pass
to the user in any circumstances. The Loader is supplied as object code. to the user in any circumstances. The Loader is supplied as object code.
1.2 The provider grants a personal, non-transferable, non-exclusive licence to 1.2 The provider grants a personal, non-transferable, non-exclusive licence to
use the Loader in accordance with the terms and conditions of this Licence use the Loader in accordance with the terms and conditions of this Licence
Agreement. Agreement.
1.3 The installation or downloading and use of the Loader entitles the user 1.3 The installation or downloading and use of the Loader entitles the user
to install and use the Loader for its own internal lawful purposes. to install and use the Loader for its own internal lawful purposes.
2 DISTRIBUTION 2 DISTRIBUTION
2.1 The Loader may be freely distributed to third parties alone or as 2.1 The Loader may be freely distributed to third parties alone or as
part of a distribution containing other items provided that this license part of a distribution containing other items provided that this license
is also included. is also included.
2.2 The Loader may under no circumstances be branded as another product, 2.2 The Loader may under no circumstances be branded as another product,
whether distributed or not. whether distributed or not.
2.3 Distribution as part of a commercial product is permitted provided such 2.3 Distribution as part of a commercial product is permitted provided such
distribution is in accordance with clauses 2.1 and 2.2 with respect to the distribution is in accordance with clauses 2.1 and 2.2 with respect to the
Loader. Loader.
3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION 3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION
Except insofar as the user is permitted to do so in accordance with applicable Except insofar as the user is permitted to do so in accordance with applicable
law: law:
3.1 Any analysis of the Loader and embedded data by any means and by 3.1 Any analysis of the Loader and embedded data by any means and by
any entity whether human or otherwise and including but without limitation to any entity whether human or otherwise and including but without limitation to
discover details of internal operation, to reverse engineer, to de-compile discover details of internal operation, to reverse engineer, to de-compile
object code, or to modify for the purposes of modifying behaviour is object code, or to modify for the purposes of modifying behaviour is
forbidden. forbidden.
3.2 Any analysis of encoded files by any means and by any entity whether human 3.2 Any analysis of encoded files by any means and by any entity whether human
or otherwise and including but without limitation to discover details of file or otherwise and including but without limitation to discover details of file
format or for the purposes of modifying behaviour or scope of their usage is format or for the purposes of modifying behaviour or scope of their usage is
forbidden. forbidden.
4 WARRANTY 4 WARRANTY
THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE
DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED
OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN
CONJUNCTION WITH ANY OTHER PRODUCT. CONJUNCTION WITH ANY OTHER PRODUCT.
5 LIMITATION OF LIABILITY 5 LIMITATION OF LIABILITY
5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY 5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY
PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER
CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE
AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS
EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. THE PROVIDER EXCLUDES ALL 5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. THE PROVIDER EXCLUDES ALL
WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING
FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR
OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY
LAW. LAW.
5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT 5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT
ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS
A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS
OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE
PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH
DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS
TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET. TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET.
5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS 5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS
LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE
PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT. PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT.
5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY 5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY
E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY
THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING
TRANSMISSION. TRANSMISSION.
6 BUG FIXING AND PRODUCT SUPPORT 6 BUG FIXING AND PRODUCT SUPPORT
6.1 The provider will use reasonable endeavours to provide support to users. 6.1 The provider will use reasonable endeavours to provide support to users.
The provider will at their discretion only provide support for the latest The provider will at their discretion only provide support for the latest
release. release.
6.2 Support comprises of fault reporting via tickets and fault diagnosis, 6.2 Support comprises of fault reporting via tickets and fault diagnosis,
recommendations on workarounds, and where reasonably possible a timely recommendations on workarounds, and where reasonably possible a timely
resolution. resolution.
6.3 The user accepts that on occasion the ability of the provider to meet 6.3 The user accepts that on occasion the ability of the provider to meet
anticipated or published support schedules may be impaired due to, but without anticipated or published support schedules may be impaired due to, but without
limitation, Internet service provider failures or software failures that limitation, Internet service provider failures or software failures that
affect the ability to communicate for an indeterminate period. affect the ability to communicate for an indeterminate period.
6.4 The provider reserves the right to refuse to provide support at any time. 6.4 The provider reserves the right to refuse to provide support at any time.
6.5 The provider wishes to maintain and offer a product of the highest 6.5 The provider wishes to maintain and offer a product of the highest
possible quality, and accordingly may from time to time and at its discretion possible quality, and accordingly may from time to time and at its discretion
make product changes for the purpose of correcting behaviour in variance to make product changes for the purpose of correcting behaviour in variance to
the published specification or the user's reasonable expectations. the published specification or the user's reasonable expectations.
6.6 The provider reserves the right to charge for support where the user does 6.6 The provider reserves the right to charge for support where the user does
not have a valid support plan in place, or where the support offered exceeds not have a valid support plan in place, or where the support offered exceeds
the scope of the active support plan. the scope of the active support plan.
7 PRODUCT UPGRADES 7 PRODUCT UPGRADES
7.1 The provider may from time to time release product upgrades. These will 7.1 The provider may from time to time release product upgrades. These will
be provided free of charge and attempts made to provide a timely notification be provided free of charge and attempts made to provide a timely notification
to customers of the existence of any new release. to customers of the existence of any new release.
8 ERRORS AND OMISSIONS 8 ERRORS AND OMISSIONS
Whilst reasonable endeavours are made to ensure the accuracy of documentation Whilst reasonable endeavours are made to ensure the accuracy of documentation
concerning the details of the Loader, the user accepts the possibility of concerning the details of the Loader, the user accepts the possibility of
inaccuracies in information presented in any format, including email inaccuracies in information presented in any format, including email
communications and online services. The provider shall under no circumstances communications and online services. The provider shall under no circumstances
be liable for any events that arise as a result of unintentional inaccuracies be liable for any events that arise as a result of unintentional inaccuracies
or omissions. or omissions.
9 USER INDEMNITY 9 USER INDEMNITY
You agree to fully indemnify, defend and hold the provider harmless You agree to fully indemnify, defend and hold the provider harmless
immediately upon demand from and against all actions, liability, claims, immediately upon demand from and against all actions, liability, claims,
losses, damages, costs and expenses (including legal/attorney fees) incurred losses, damages, costs and expenses (including legal/attorney fees) incurred
by the provider arising directly or indirectly as a result of your breach of by the provider arising directly or indirectly as a result of your breach of
this Licence Agreement. this Licence Agreement.
10 INTELLECTUAL PROPERTY RIGHTS 10 INTELLECTUAL PROPERTY RIGHTS
10.1 The user acknowledges that the Loader and associated documentation and 10.1 The user acknowledges that the Loader and associated documentation and
materials contain proprietary information of the provider and are and shall materials contain proprietary information of the provider and are and shall
remain the exclusive property of the provider and/or its licensors and all remain the exclusive property of the provider and/or its licensors and all
title, copyright, trade marks, trade names, patents and other intellectual title, copyright, trade marks, trade names, patents and other intellectual
property rights therein of whatever nature shall remain the sole property of property rights therein of whatever nature shall remain the sole property of
the provider and/or its licensors. the provider and/or its licensors.
10.2 No title to or rights of ownership, copyright or other intellectual 10.2 No title to or rights of ownership, copyright or other intellectual
property in the Loader is transferred to the user (other than the licence property in the Loader is transferred to the user (other than the licence
rights expressly granted in this Licence Agreement). rights expressly granted in this Licence Agreement).
11 TERMINATION 11 TERMINATION
11.1 The provider reserves the right to terminate this Licence Agreement 11.1 The provider reserves the right to terminate this Licence Agreement
immediately by notice in writing against the user if the user is in breach of immediately by notice in writing against the user if the user is in breach of
any terms and conditions of this Licence Agreement. any terms and conditions of this Licence Agreement.
11.2 Termination of this Licence Agreement for any reason shall be without 11.2 Termination of this Licence Agreement for any reason shall be without
prejudice to any other rights or remedies of the provider which may have prejudice to any other rights or remedies of the provider which may have
arisen on or before the date of termination under this Licence Agreement or in arisen on or before the date of termination under this Licence Agreement or in
law. law.
11.3 The provisions of the following clauses shall survive any termination of 11.3 The provisions of the following clauses shall survive any termination of
this agreement; clause 3, 5, 10 and 13. this agreement; clause 3, 5, 10 and 13.
12 GENERAL 12 GENERAL
12.1 The provider reserves the right to transfer or assign all or any of its 12.1 The provider reserves the right to transfer or assign all or any of its
rights and duties and responsibilities set out in this Licence Agreement to rights and duties and responsibilities set out in this Licence Agreement to
another party. another party.
12.2 Headings have been included for convenience only and will not be used in 12.2 Headings have been included for convenience only and will not be used in
construing any provision of this Licence Agreement. construing any provision of this Licence Agreement.
12.3 No delay or failure by the provider to exercise any powers, rights or 12.3 No delay or failure by the provider to exercise any powers, rights or
remedies under this Licence Agreement will operate as a waiver of them nor remedies under this Licence Agreement will operate as a waiver of them nor
will any single or partial exercise of any such powers, rights or remedies will any single or partial exercise of any such powers, rights or remedies
include any other or further exercise of them. include any other or further exercise of them.
12.4 If any part of this Licence Agreement is found by a court of competent 12.4 If any part of this Licence Agreement is found by a court of competent
jurisdiction or other competent authority to be invalid, unlawful or jurisdiction or other competent authority to be invalid, unlawful or
unenforceable then such part shall be severed from the remainder of this unenforceable then such part shall be severed from the remainder of this
Licence Agreement which will continue to be valid and enforceable to the Licence Agreement which will continue to be valid and enforceable to the
fullest extent permitted by applicable law. fullest extent permitted by applicable law.
12.5 This Licence Agreement including the documents or other sources referred 12.5 This Licence Agreement including the documents or other sources referred
to herein supersede all prior representations, understandings and agreements to herein supersede all prior representations, understandings and agreements
between the user and the provider relating to the Loader and sets forth the between the user and the provider relating to the Loader and sets forth the
entire agreement and understanding between the user and the provider relating entire agreement and understanding between the user and the provider relating
to the Loader. to the Loader.
12.6 Nothing in this Licence Agreement shall be deemed to constitute a 12.6 Nothing in this Licence Agreement shall be deemed to constitute a
partnership between you and the provider nor constitute either party being an partnership between you and the provider nor constitute either party being an
agent of the other party. agent of the other party.
12.7 This Agreement does not create any rights or benefits enforceable by any 12.7 This Agreement does not create any rights or benefits enforceable by any
person not a party to it (within the meaning of the U.K.Contracts (Rights of person not a party to it (within the meaning of the U.K.Contracts (Rights of
Third Parties) Act 1999) except that a person who under clause 12.1 is a Third Parties) Act 1999) except that a person who under clause 12.1 is a
permitted successor or assignee of the rights or benefits of the provider may permitted successor or assignee of the rights or benefits of the provider may
enforce such rights or benefits. enforce such rights or benefits.
13 GOVERNING LAW AND JURISDICTION 13 GOVERNING LAW AND JURISDICTION
This License Agreement and any issues relating thereto shall be construed and This License Agreement and any issues relating thereto shall be construed and
interpreted in accordance with the laws of England and subject to the interpreted in accordance with the laws of England and subject to the
exclusive jurisdiction of the English courts. exclusive jurisdiction of the English courts.
Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015 Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015


@ -25,6 +25,76 @@ fi
echo "1" > /usr/local/vesta/data/upgrades/show_changelog echo "1" > /usr/local/vesta/data/upgrades/show_changelog
chmod a=rw /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog
if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then
echo "== Adding FileManager license to vesta.conf"
echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf
fi
if [ -f "/root/.bash_profile" ]; then
if ! grep -q "v-cd-www" /root/.bash_profile; then
echo "== Adding v-cd-www alias to root bash profile"
echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile
fi
fi
# Adding myVesta rules to SpamAssassin
if [ -d "/etc/spamassassin" ]; then
spamassassin_modified=0
if [ ! -f "/etc/spamassassin/myvesta.cf" ]; then
touch /etc/spamassassin/myvesta.cf
fi
if ! grep -q 'RCVD_IN_RP_SAFE' /etc/spamassassin/myvesta.cf; then
echo "== Adding RCVD_IN_RP_ myVesta rules to SpamAssassin"
echo 'score RCVD_IN_RP_SAFE 0' >> /etc/spamassassin/myvesta.cf
echo 'score RCVD_IN_RP_CERTIFIED 0' >> /etc/spamassassin/myvesta.cf
spamassassin_modified=1
fi
if ! grep -q 'SPF_FAIL' /etc/spamassassin/myvesta.cf; then
echo "== Adding SPF_FAIL myVesta rules to SpamAssassin"
cat <<EOF >> /etc/spamassassin/myvesta.cf
score SPF_FAIL 3.0
score SPF_SOFTFAIL 4.0
score SPF_NONE 4.0
EOF
spamassassin_modified=1
fi
if [ $spamassassin_modified -eq 1 ]; then
spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running')
if [ $spamassassin_running -eq 1 ]; then
echo "== Restarting SpamAssassin"
if [ "$release" -lt 12 ]; then
systemctl restart spamassassin.service
else
systemctl restart spamd.service
fi
fi
fi
fi
# Adding ProFTPD to Fail2Ban
if [ -f "/etc/fail2ban/jail.local" ] && [ -f "/etc/proftpd/proftpd.conf" ]; then
if ! grep -q 'proftpd' /etc/fail2ban/jail.local; then
echo "== Adding ProFTPD to Fail2Ban"
cat <<EOF >> /etc/fail2ban/jail.local
[proftpd]
enabled = true
filter = proftpd
action = vesta[name=FTP]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(proftpd_log)s
backend = %(proftpd_backend)s
maxretry = 5
EOF
fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running')
if [ $fail2ban_running -eq 1 ]; then
echo "== Restarting Fail2Ban"
systemctl restart fail2ban
fi
fi
fi
# Removing SpamHaus DNSBL # Removing SpamHaus DNSBL
if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then
sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf
@ -99,14 +169,18 @@ fi
# Adding Barracuda RBL to SpamAssassin # Adding Barracuda RBL to SpamAssassin
if [ ! -f "/usr/local/vesta/data/upgrades/barracuda_rbl" ]; then if [ ! -f "/usr/local/vesta/data/upgrades/barracuda_rbl" ]; then
spamassassin_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'spamassassin') spamassassin_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'spamassassin')
spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin' | grep -c 'running') spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running')
if [ $spamassassin_installed -eq 1 ]; then if [ $spamassassin_installed -eq 1 ]; then
echo "== Adding Barracuda RBL to SpamAssassin" echo "== Adding Barracuda RBL to SpamAssassin"
wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf
fi fi
if [ $spamassassin_running -eq 1 ]; then if [ $spamassassin_running -eq 1 ]; then
echo "== Restarting SpamAssassin" echo "== Restarting SpamAssassin"
systemctl restart spamassassin if [ "$release" -lt 12 ]; then
systemctl restart spamassassin.service
else
systemctl restart spamd.service
fi
fi fi
touch /usr/local/vesta/data/upgrades/barracuda_rbl touch /usr/local/vesta/data/upgrades/barracuda_rbl
fi fi
@ -163,7 +237,11 @@ if [ ! -f "/usr/local/vesta/data/upgrades/enable-tls-in-proftpd" ]; then
echo "== Enabling TLS for ProFTPD FTPS" echo "== Enabling TLS for ProFTPD FTPS"
wget -nv https://c.myvestacp.com/debian/10/proftpd/tls.conf -O /etc/proftpd/tls.conf wget -nv https://c.myvestacp.com/debian/10/proftpd/tls.conf -O /etc/proftpd/tls.conf
sed -i "s|AuthPAMConfig|Include /etc/proftpd/tls.conf\n\nAuthPAMConfig|g" /etc/proftpd/proftpd.conf sed -i "s|AuthPAMConfig|Include /etc/proftpd/tls.conf\n\nAuthPAMConfig|g" /etc/proftpd/proftpd.conf
systemctl restart proftpd proftpd_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'proftpd' | grep -c 'running')
if [ $proftpd_running -eq 1 ]; then
echo "== Restarting ProFTPD"
systemctl restart proftpd
fi
fi fi
fi fi
fi fi
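Review bot: In the "Adding ProFTPD to Fail2Ban" block the new `[proftpd]` jail is appended to `/etc/fail2ban/jail.local` and Fail2Ban is restarted without first checking that the configuration still loads. If `%(proftpd_log)s` or `%(proftpd_backend)s` is not defined by the installed Fail2Ban, the restart would presumably fail and leave every jail inactive, not just the FTP one. I would gate the restart on a config test, e.g. `fail2ban-client -t && systemctl restart fail2ban`, and print a warning otherwise. The idempotency guard `grep -q 'proftpd'` also matches a commented-out or unrelated mention, so anchoring it as `grep -q '^\[proftpd\]'` is safer. Separately, the SpamAssassin restart tests `$spamassassin_running -eq 1` after grepping for both `spamassassin` and `spamd`, so a host where both lines report running would skip the restart and not load the new scores.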


@ -339,7 +339,8 @@ if (!empty($_POST['save'])) {
$v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_username = escapeshellarg($_POST['v_backup_username']);
$v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_password = escapeshellarg($_POST['v_backup_password']);
$v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); $v_backup_port = escapeshellarg($_POST['v_backup_port']);
exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath." ".$v_backup_port, $output, $return_var);
check_return_code($return_var,$output); check_return_code($return_var,$output);
unset($output); unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
@ -347,12 +348,12 @@ if (!empty($_POST['save'])) {
if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username']; if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password']; if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath']; if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
if (empty($_SESSION['error_msg'])) $v_backup_port = $_POST['v_backup_port'];
$v_backup_new = 'yes'; $v_backup_new = 'yes';
$v_backup_adv = 'yes'; $v_backup_adv = 'yes';
$v_backup_remote_adv = 'yes'; $v_backup_remote_adv = 'yes';
} }
} }
// Change remote backup host type // Change remote backup host type
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) {
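Review bot: `$_POST['v_backup_port']` is shell-escaped but never validated as a port before it is passed to `v-add-backup-host`, so an empty or non-numeric value reaches the backend script as a positional argument. A check such as `filter_var($_POST['v_backup_port'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 65535]])`, with a blank field omitted or defaulted, would reject bad input at the boundary. After the call the variable is reassigned to the raw POST value, so whatever prints it later must HTML-escape it. The enclosing `if (!empty($_POST['save']))` block starts outside this hunk, so whether the other `v-add-backup-host` calls further down also pass the port is not visible here.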


@ -38,8 +38,13 @@ if(!isset($_SESSION['user_combined_ip'])){
$_SESSION['user_combined_ip'] = $user_combined_ip; $_SESSION['user_combined_ip'] = $user_combined_ip;
} }
$SKIP_IP_CHECK = false;
if (isset($_SESSION['DISABLE_IP_CHECK']) && $_SESSION['DISABLE_IP_CHECK'] == 'yes') {
$SKIP_IP_CHECK = true;
}
// Checking user to use session from the same IP he has been logged in // Checking user to use session from the same IP he has been logged in
if($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1'){ if ($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && $SKIP_IP_CHECK==false) {
session_destroy(); session_destroy();
session_start(); session_start();
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
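Review bot: The new `$SKIP_IP_CHECK` flag turns off the session-to-IP binding entirely, and nothing in this hunk shows where `$_SESSION['DISABLE_IP_CHECK']` is set. It should only ever be populated server-side from the panel configuration, never from request data, and that deserves a comment at the assignment, e.g. `// DISABLE_IP_CHECK comes from server config only; it disables session IP pinning`. The comparisons are loose; `$_SESSION['DISABLE_IP_CHECK'] === 'yes'` and `&& !$SKIP_IP_CHECK` state the intent exactly. Because a stolen session cookie becomes usable from any address once the flag is on, logging each time the check is skipped would help later investigation.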


@ -1,164 +1,164 @@
<? <?
error_reporting(NULL); error_reporting(NULL);
session_start(); session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if (!function_exists('str_contains')) { if (!function_exists('str_contains')) {
function str_contains($haystack, $needle) function str_contains($haystack, $needle)
{ {
return $needle !== '' && mb_strpos($haystack, $needle) !== false; return $needle !== '' && mb_strpos($haystack, $needle) !== false;
} }
} }
// cidrMatch() based on https://stackoverflow.com/a/14535823 // cidrMatch() based on https://stackoverflow.com/a/14535823
function cidrMatch($ip, $range) function cidrMatch($ip, $range)
{ {
if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) return false; if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) return false;
list($subnet, $bits) = explode('/', $range); list($subnet, $bits) = explode('/', $range);
$ip = substr(ipToBinary($ip), 0, $bits); $ip = substr(ipToBinary($ip), 0, $bits);
$subnet = substr(ipToBinary($subnet), 0, $bits); $subnet = substr(ipToBinary($subnet), 0, $bits);
return ($ip == $subnet); return ($ip == $subnet);
} }
// ipToBinary based on https://stackoverflow.com/a/14535823 // ipToBinary based on https://stackoverflow.com/a/14535823
function ipToBinary($ip) function ipToBinary($ip)
{ {
$ipbin = ''; $ipbin = '';
$ips = explode(".", $ip); $ips = explode(".", $ip);
foreach ($ips as $iptmp) { foreach ($ips as $iptmp) {
$ipbin .= sprintf("%08b", $iptmp); $ipbin .= sprintf("%08b", $iptmp);
} }
return $ipbin; return $ipbin;
} }
function fetchURL($url, &$info = []) function fetchURL($url, &$info = [])
{ {
$curl_handle = curl_init(); $curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_FOLLOWLOCATION, true); curl_setopt($curl_handle, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl_handle, CURLOPT_ENCODING, 'gzip, deflate'); curl_setopt($curl_handle, CURLOPT_ENCODING, 'gzip, deflate');
curl_setopt($curl_handle, CURLOPT_URL, $url); curl_setopt($curl_handle, CURLOPT_URL, $url);
curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec($curl_handle); $data = curl_exec($curl_handle);
$info = curl_getinfo($curl_handle); $info = curl_getinfo($curl_handle);
curl_close($curl_handle); curl_close($curl_handle);
return $data; return $data;
} }
function parseCacheEntries($strEntries) function parseCacheEntries($strEntries)
{ {
$parsed = []; $parsed = [];
$entries = explode("\n", $strEntries); $entries = explode("\n", $strEntries);
if ($entries) { if ($entries) {
foreach ($entries as $entry) { foreach ($entries as $entry) {
list($entry,) = explode("#", $entry); list($entry,) = explode("#", $entry);
list($entry,) = explode(";", $entry); list($entry,) = explode(";", $entry);
$entry = trim($entry); $entry = trim($entry);
if (!empty($entry)) $parsed[] = $entry; if (!empty($entry)) $parsed[] = $entry;
} }
} }
return $parsed; return $parsed;
} }
function checkIP($ip) function checkIP($ip)
{ {
$check_results = []; $check_results = [];
$lists = [ $lists = [
'BDEALL' => 'http://lists.blocklist.de/lists/all.txt', 'BDEALL' => 'http://lists.blocklist.de/lists/all.txt',
'BFB' => 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php', 'BFB' => 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php',
'CIARMY' => 'http://www.ciarmy.com/list/ci-badguys.txt', 'CIARMY' => 'http://www.ciarmy.com/list/ci-badguys.txt',
'GREENSNOW' => 'https://blocklist.greensnow.co/greensnow.txt', 'GREENSNOW' => 'https://blocklist.greensnow.co/greensnow.txt',
'SPAMDROP' => 'https://www.spamhaus.org/drop/drop.txt', 'SPAMDROP' => 'https://www.spamhaus.org/drop/drop.txt',
'SPAMEDROP' => 'https://www.spamhaus.org/drop/edrop.txt', 'SPAMEDROP' => 'https://www.spamhaus.org/drop/edrop.txt',
'TOR' => 'https://check.torproject.org/cgi-bin/TorBulkExitList.py', 'TOR' => 'https://check.torproject.org/cgi-bin/TorBulkExitList.py',
]; ];
$today = date('Y-m-d'); $today = date('Y-m-d');
foreach ($lists as $code => $url) { foreach ($lists as $code => $url) {
$cache_tag = 'ip-blacklist-' . $code . '-cache'; $cache_tag = 'ip-blacklist-' . $code . '-cache';
// init cache // init cache
if (!isset($_SESSION[$cache_tag])) $_SESSION[$cache_tag] = ['updated' => '', 'items' => [], 'http_code' => '']; if (!isset($_SESSION[$cache_tag])) $_SESSION[$cache_tag] = ['updated' => '', 'items' => [], 'http_code' => ''];
// invalidate cache if clear_cache parameter is 1 // invalidate cache if clear_cache parameter is 1
if (!empty($_REQUEST['clear_cache']) && $_REQUEST['clear_cache'] == 1) $_SESSION[$cache_tag]['updated'] = '2000-01-01'; if (!empty($_REQUEST['clear_cache']) && $_REQUEST['clear_cache'] == 1) $_SESSION[$cache_tag]['updated'] = '2000-01-01';
// if cache is not updated, fetch new data and save to cache // if cache is not updated, fetch new data and save to cache
if (strtotime($today) > strtotime($_SESSION[$cache_tag]['updated'])) { if (strtotime($today) > strtotime($_SESSION[$cache_tag]['updated'])) {
$new_cache_data = fetchURL($url, $url_result); $new_cache_data = fetchURL($url, $url_result);
if ($url_result['http_code'] == '200') $new_cache_items = parseCacheEntries($new_cache_data); if ($url_result['http_code'] == '200') $new_cache_items = parseCacheEntries($new_cache_data);
$_SESSION[$cache_tag] = ['updated' => $today, 'items' => $new_cache_items, 'http_code' => $url_result['http_code']]; $_SESSION[$cache_tag] = ['updated' => $today, 'items' => $new_cache_items, 'http_code' => $url_result['http_code']];
} }
// check ip // check ip
$matched_ips = array_filter($_SESSION[$cache_tag]['items'], function ($item) use ($ip) { $matched_ips = array_filter($_SESSION[$cache_tag]['items'], function ($item) use ($ip) {
if (str_contains($item, '/')) return cidrMatch($ip, $item); if (str_contains($item, '/')) return cidrMatch($ip, $item);
if ($ip == $item) return true; if ($ip == $item) return true;
return false; return false;
}); });
$check_results[$code]['found'] = count($matched_ips) > 0 ? true : false; $check_results[$code]['found'] = count($matched_ips) > 0 ? true : false;
$check_results[$code]['updated'] = $_SESSION[$cache_tag]['updated']; $check_results[$code]['updated'] = $_SESSION[$cache_tag]['updated'];
$check_results[$code]['http_code'] = $_SESSION[$cache_tag]['http_code']; $check_results[$code]['http_code'] = $_SESSION[$cache_tag]['http_code'];
} }
return $check_results; return $check_results;
} }
// Check token // Check token
if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) {
die("Wrong token"); die("Wrong token");
} }
$ip = $_REQUEST['ip']; $ip = $_REQUEST['ip'];
// Validate IP format // Validate IP format
if (filter_var($ip, FILTER_VALIDATE_IP) === false) { if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
die('<strong>GENERAL ERROR</strong><br>BAD_IP_FORMAT'); die('<strong>GENERAL ERROR</strong><br>BAD_IP_FORMAT');
} }
// Query host // Query host
$host = gethostbyaddr($ip); $host = gethostbyaddr($ip);
// Query blocklists // Query blocklists
$result_blocklists = ''; $result_blocklists = '';
$ip_check = checkIP($ip); $ip_check = checkIP($ip);
if ($ip_check) { if ($ip_check) {
foreach ($ip_check as $list_code => $list_results) { foreach ($ip_check as $list_code => $list_results) {
$result_blocklists .= '<div title="'.$list_results['updated'].' / '.$list_results['http_code'].'">'; $result_blocklists .= '<div title="'.$list_results['updated'].' / '.$list_results['http_code'].'">';
$result_blocklists .= $list_results['found'] ? '<i class="fas fa-fw fa-exclamation-triangle"></i>' : '<i class="fas fa-fw fa-check-circle"></i>'; $result_blocklists .= $list_results['found'] ? '<i class="fas fa-fw fa-exclamation-triangle"></i>' : '<i class="fas fa-fw fa-check-circle"></i>';
$result_blocklists .= '&nbsp;<span>'.$list_code.'</span>&nbsp;'; $result_blocklists .= '&nbsp;<span>'.$list_code.'</span>&nbsp;';
$result_blocklists .= $list_results['http_code'] == '200' ? '' : '<i class="fas fa-fw fa-exclamation-circle"></i>'; $result_blocklists .= $list_results['http_code'] == '200' ? '' : '<i class="fas fa-fw fa-exclamation-circle"></i>';
$result_blocklists .= '</div>'; $result_blocklists .= '</div>';
} }
} }
// Query location // Query location
$url = 'https://api.db-ip.com/v2/free/'.$ip; $url = 'https://api.db-ip.com/v2/free/'.$ip;
$result = fetchURL($url); $result = fetchURL($url);
$result_array = json_decode($result, true); $result_array = json_decode($result, true);
if (!is_array($result_array)) { if (!is_array($result_array)) {
die('<strong>GENERAL ERROR</strong><br>BAD_JSON'); die('<strong>GENERAL ERROR</strong><br>BAD_JSON');
} }
if (!empty($result_array['errorCode'])) { if (!empty($result_array['errorCode'])) {
die('<strong>GENERAL ERROR</strong><br>'.$result_array['errorCode']); die('<strong>GENERAL ERROR</strong><br>'.$result_array['errorCode']);
} }
// Output // Output
echo " echo "
<dl> <dl>
<dt>".__('Host')."</dt> <dt>".__('Host')."</dt>
<dd>".$host."</dd> <dd>".$host."</dd>
<dt>".__('Banlist')."</dt> <dt>".__('Banlist')."</dt>
<dd>".$result_blocklists."</dd> <dd>".$result_blocklists."</dd>
<dt>".__('Continent')."</dt> <dt>".__('Continent')."</dt>
<dd>".$result_array['continentName']." [".$result_array['continentCode']."]</dd> <dd>".$result_array['continentName']." [".$result_array['continentCode']."]</dd>
<dt>".__('Country')."</dt> <dt>".__('Country')."</dt>
<dd>".$result_array['countryName']." [".$result_array['countryCode']."]</dd> <dd>".$result_array['countryName']." [".$result_array['countryCode']."]</dd>
<dt>".__('State / Province')."</dt> <dt>".__('State / Province')."</dt>
<dd>".$result_array['stateProv']." [".$result_array['stateProvCode']."]</dd> <dd>".$result_array['stateProv']." [".$result_array['stateProvCode']."]</dd>
<dt>".__('City / Locality')."</dt> <dt>".__('City / Locality')."</dt>
<dd>".$result_array['city']."</dd> <dd>".$result_array['city']."</dd>
</dl> </dl>
"; ";


@ -641,6 +641,17 @@
<br><br> <br><br>
</td> </td>
</tr> </tr>
<tr>
<td class="vst-text">
<?php print __('Port') ?>
</td>
</tr>
<tr>
<td>
<input type="text" size="20" class="vst-input" name="v_backup_port" value="<?=trim($v_backup_port, "'")?>">
<br><br>
</td>
</tr>
<tr> <tr>
<td class="vst-text"> <td class="vst-text">
<?php print __('Username') ?> <?php print __('Username') ?>
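Review bot: The new Port input prints `trim($v_backup_port, "'")` into the `value` attribute without HTML escaping. `escapeshellarg()` does not neutralise `"`, `<` or `>`, and on the save path the variable can hold the raw POST value, so a double quote in the submitted port would break out of the attribute. Escaping at output fixes it: `value="<?=htmlspecialchars(trim($v_backup_port, "'"), ENT_QUOTES, 'UTF-8')?>"`. The neighbouring fields are outside this hunk, so whether they share the pattern is not visible here.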


@ -19,6 +19,7 @@
<a href="#" class="to-shortcuts"> <a href="#" class="to-shortcuts">
<i class="l-icon-shortcuts"></i> <i class="l-icon-shortcuts"></i>
</a> </a>
<div style="float: right; margin-right: 15px;position: fixed;z-index: 100;right: 0px;color: #fff;top: 10px;" title="Developed and donated by VestaCP.com">©</div>
<div id="main"> <div id="main">
<div class="window active"> <div class="window active">