v-fix-website-permissions: chown for .php and .env files

v-change-wordpress-admin-passwords
VERBOSE_MODE in v-run-wp-cli
2025-07-06 04:51:54 -07:00 · 2025-07-01 10:03:32 +02:00 · 2025-06-30 00:11:44 +02:00 · 2025-06-30 00:11:44 +02:00 · 2025-06-28 16:49:18 +02:00 · 2025-06-26 22:26:14 +02:00
399 changed files with 22262 additions and 2302 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,6 @@
 *.gz
 .vscode
 .DS_Store
+data
+conf
+log
--- a/Changelog.md
+++ b/Changelog.md
@ -1,3 +1,36 @@
+Version 0.9.9-0-12 [28-Feb-2025]
+==================================================
+* SpamHaus DNSBL removed from exim4
+* A lot of small bugs fixed
+
+Version 0.9.9-0-11 [30-May-2024]
+==================================================
+* Introducing v-run-wp-cli command ( @isscbta )
+* Introducing v-add-wordpress-admin command ( @isscbta )
+* Few bugs fixed
+
+Version 0.9.9-0-10 [11-Apr-2024]
+==================================================
+* Introducing v-edit-php-ini command ( @isscbta )
+* Introducing v-edit-domain-php-ini command ( @isscbta )
+
+Version 0.9.9-0-9 [05-Apr-2024]
+==================================================
+* Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos )
+* Few bugs fixed
+
+Version 0.9.9-0-5 to 0.9.9-0-8
+==================================================
+* Few bugs fixed
+
+Version 0.9.9-0-4 [27-Jun-2023]
+==================================================
+* Support for Debian 12 ( in mutual cooperation with @HestiaCP )
+
+Version 0.9.9-0-2 [12-Jun-2023]
+==================================================
+* Hosting panel UI perfomance fix
+
 Version 0.9.9-0 [05-Jun-2023]
 ==================================================
 * Redesign of hosting panel
--- a/README.md
+++ b/README.md
@ -23,7 +23,7 @@

 <h1>Features of myVesta</h1>
 <ul>
-    <li>Support for Debian 10 and 11 (Debian 11 is recommended, but previous Debian releases are also supported)</li>
+    <li>Support for Debian 11 and 12 (Debian 12 is recommended, but previous Debian releases are also supported)</li>
    <li>Support for MySQL 8</li>
    <li><a href="https://forum.myvestacp.com/viewtopic.php?f=20&t=51">nginx templates</a> that can prevent denial-of-service on your server</li>
    <li><a href="https://forum.myvestacp.com/viewtopic.php?f=18&t=52">Support for multi-PHP versions</a></li>
--- a/bin/v-activate-rocket-nginx
+++ b/bin/v-activate-rocket-nginx
@ -126,7 +126,7 @@ else
    chown $user:$user /home/$user/web/$domain/cron.log

    case $fpm_ver in
-        5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2) 
+        5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2 | 8.3) 
            /usr/local/vesta/bin/v-add-cron-job "$user" "*/15" "*" "*" "*" "*" "cd /home/$user/web/$domain/public_html; /usr/bin/php$fpm_ver wp-cron.php >/home/$user/web/$domain/cron.log 2>&1"
            ;;
    esac
--- a/bin/v-add-firewall-ban
+++ b/bin/v-add-firewall-ban
@ -72,6 +72,13 @@ $iptables -I fail2ban-$chain 1 -s $ip \
 # Changing permissions
 chmod 660 $conf

+# nginx deny rules conf
+if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then
+    if ! grep -q  "deny $ip;" /etc/nginx/conf.d/block.conf; then
+        echo "deny $ip;" >> /etc/nginx/conf.d/block.conf
+        systemctl reload nginx
+   fi
+fi

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-add-firewall-rule
+++ b/bin/v-add-firewall-rule
@ -83,6 +83,16 @@ sort_fw_rules
 # Updating system firewall
 $BIN/v-update-firewall

+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then
+        touch /etc/nginx/conf.d/block-firewall.conf
+        if ! grep -q "deny $ip;" /etc/nginx/conf.d/block-firewall.conf; then
+            echo "deny $ip;" >> /etc/nginx/conf.d/block-firewall.conf
+            systemctl restart nginx
+        fi
+    fi
+fi
+

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-add-letsencrypt-domain
+++ b/bin/v-add-letsencrypt-domain
@ -154,6 +154,11 @@ for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
 done
 payload=$(echo "$payload"|sed "s/,$//")
 payload=$payload']}'
+# validation='pending'
+# # Start counter to avoid infinite loop
+# i=0
+# while [ "$validation" = 'pending' ]; do
+# echo "[$(date)] : ----------------------- step 2 loop, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
 answer=$(query_le_v2 "$url" "$payload" "$nonce")
@ -168,10 +173,19 @@ order=$(echo -e "$answer" | grep -i location | cut -f2 -d \  | tr -d '\r\n')
 echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log
 status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
 echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"')
+echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
 if [[ "$status" -ne 201 ]]; then
    echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_CONNECT "Let's Encrypt new auth status $status"
 fi
+# # Exit the loop after 5 attempts
+# i=$((i + 1))
+# if [ $i -gt 5 ]; then
+#     break
+# fi
+# sleep 2
+# done

 # Requesting authorization token / STEP 3
 echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log
@ -276,7 +290,9 @@ for auth in $authz; do
    # Doing pol check on status
    i=1
    while [ "$validation" = 'pending' ]; do
-        echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log
+        i=0
+        while true; do
+            echo "[$(date)] : ----------------------- Doing pol check on status, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log
            payload='{}'
            echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
            answer=$(query_le_v2 "$url" "$payload" "$nonce")
@ -289,6 +305,20 @@ for auth in $authz; do
            echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
            status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
            echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+            if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then
+                break
+            fi
+            if [ "$wildcard" = 'yes'  ]; then
+                if [[ $(echo "$answer" | grep '"status": "valid"') != "" ]]; then
+                    break
+                fi                
+            fi
+            i=$((i + 1))
+            if ((i > 30)); then
+                break
+            fi
+            sleep 2
+        done
        if [[ "$status" -ne 200 ]]; then
            echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log
            check_result $E_CONNECT "Let's Encrypt validation status $status"
--- a/bin/v-add-srs-support-to-exim
+++ b/bin/v-add-srs-support-to-exim
@ -0,0 +1,77 @@
+#!/bin/bash
+
+gen_pass() {
+    MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+    if [ -z "$1" ]; then
+        LENGTH=32
+    else
+        LENGTH=$1
+    fi
+    while [ ${n:=1} -le $LENGTH ]; do
+        PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
+        let n+=1
+    done
+    echo "$PASS"
+}
+
+eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}')
+if (( $(echo "$eximversion < 4.96" | bc -l) )); then
+    echo "= ERROR: Exim SRS support requires Exim 4.96 or higher."
+    echo "You have Exim $eximversion"
+    exit 1;
+fi
+
+echo "=== Addind SRS support to Exim4 ==="
+# SRS support is taken from HestiaCP
+
+if [ ! -f "/etc/exim4/srs.conf" ]; then
+    echo "= Generating SRS KEY"
+    srs=$(gen_pass 16) 
+    echo $srs > /etc/exim4/srs.conf
+    chmod 640 /etc/exim4/srs.conf
+    chown root:Debian-exim /etc/exim4/srs.conf
+fi
+
+if [ ! -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then
+    echo "= Backing up /etc/exim4/exim4.conf.template"
+    cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'SRS_SECRET = ' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Adding: SRS_SECRET = readfile /etc/exim4/srs.conf"
+    v-sed 'smtputf8_advertise_hosts =' 'smtputf8_advertise_hosts =\n\nSRS_SECRET = ${readfile{/etc/exim4/srs.conf}}' '/etc/exim4/exim4.conf.template'
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'if outbound, and forwarding has been done, use an alternate transport' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Patching \"dnslookup:\" block"
+    /usr/local/vesta/bin/v-php-func "replace_in_file_once_between_including_borders" "/etc/exim4/exim4.conf.template" 'dnslookup:' '  no_more' 'dnslookup:\n  driver = dnslookup\n  # if outbound, and forwarding has been done, use an alternate transport\n  domains = ! +local_domains\n  transport = ${if eq {$local_part@$domain} \\n                      {$original_local_part@$original_domain} \\n                      {remote_smtp} {remote_forwarded_smtp}}\n  no_more'
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'inbound_srs:' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Adding \"inbound_srs\" and \"inbound_srs_failure\" blocks"
+    v-sed 'aliases:' 'inbound_srs:\n    driver = redirect\n    senders = :\n    domains = +local_domains\n    # detect inbound bounces which are converted to SRS, and decode them\n    condition = ${if inbound_srs {$local_part} {SRS_SECRET}}\n    data = $srs_recipient\n\ninbound_srs_failure:\n    driver = redirect\n    senders = :\n    domains = +local_domains\n    # detect inbound bounces which look converted to SRS but are invalid\n    condition = ${if inbound_srs {$local_part} {}}\n    allow_fail\n    data = :fail: Invalid SRS recipient address\n\naliases:' '/etc/exim4/exim4.conf.template'
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Adding \"remote_forwarded_smtp:\" block"
+    v-sed 'procmail:\n  driver = pipe' 'remote_forwarded_smtp:\n  driver = smtp\n  dkim_domain = DKIM_DOMAIN\n  dkim_selector = mail\n  dkim_private_key = DKIM_PRIVATE_KEY\n  dkim_canon = relaxed\n  dkim_strict = 0\n  hosts_try_fastopen = \n  hosts_try_chunking = !93.188.3.0/24\n  message_linelength_limit = 1G\n  # modify the envelope from, for mails that we forward\n  max_rcpt = 1\n  return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n  driver = pipe' '/etc/exim4/exim4.conf.template'
+fi
+
+touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
+touch /etc/exim4/limit_per_email_account_max_recipients
+touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
+touch /etc/exim4/limit_per_hosting_account_max_recipients
+
+echo "= Restarting exim4 service"
+systemctl restart exim4
+
+if [ $? -ne 0 ]; then
+    systemctl status exim4
+    cp /etc/exim4/exim4.conf.template.backup-without-srs /etc/exim4/exim4.conf.template
+    systemctl restart exim4
+    echo "=== Patching failed, old exim conf returned, exim4 restarted again."
+    exit 1
+fi
+echo "=== SRS support was added successfully. ==="
+
+exit 0
--- a/bin/v-add-user-package
+++ b/bin/v-add-user-package
@ -28,7 +28,7 @@ is_package_new() {
 }

 is_package_consistent() {
-    source $pkg_dir/$package.pkg
+    parse_object_kv_list_non_eval $(cat $pkg_dir/$package.pkg)
    if [ "$WEB_DOMAINS" != 'unlimited' ]; then
        is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS'
    fi
@ -63,6 +63,9 @@ is_package_consistent() {
        is_int_format_valid $BACKUPS 'BACKUPS'
    fi
    is_format_valid_shell $SHELL
+    is_web_template_valid $WEB_TEMPLATE
+    is_dns_template_valid $DNS_TEMPLATE
+    is_proxy_template_valid $PROXY_TEMPLATE
 }


--- a/bin/v-add-wordpress-admin
+++ b/bin/v-add-wordpress-admin
@ -0,0 +1,81 @@
+#!/bin/bash
+# info: Add a WordPress admin user to a specific domain
+# options: DOMAIN USERNAME PASSWORD EMAIL
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+username=$2
+password=$3
+email=$4
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '4' "$#" 'DOMAIN USERNAME PASSWORD EMAIL'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Domain doesn't exist";
+    exit 1;
+fi
+
+if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+    echo 'Please install WordPress first.'
+    exit 1;
+fi
+
+if ! command -v wp &> /dev/null; then
+    echo "WP CLI is not installed. Installing..."
+    wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
+    chmod +x /usr/local/bin/wp
+    echo "WP CLI installed successfully."
+fi
+
+phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain")
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+cd /home/$USER/web/$domain/public_html
+sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp user create $username $email --role=administrator --user_pass="$password" --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit 0;
--- a/bin/v-backup-user
+++ b/bin/v-backup-user
@ -22,6 +22,9 @@ source $VESTA/func/domain.sh
 source $VESTA/func/db.sh
 source $VESTA/conf/vesta.conf

+if [ ! -z "$NOW" ]; then
+    BACKUP_LA_LIMIT=50
+fi

 #----------------------------------------------------------#
 #                    Verifications                         #
--- a/bin/v-backup-user-now
+++ b/bin/v-backup-user-now
@ -0,0 +1,6 @@
+#!/bin/bash
+
+export ALLOW_BACKUP_ANYTIME='yes'
+export NOW='yes'
+
+nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1
--- a/bin/v-backup-users
+++ b/bin/v-backup-users
@ -37,7 +37,7 @@ fi

 log=$VESTA/log/backup.log

-$BIN/v-check-vesta-license >/dev/null
+# $BIN/v-check-vesta-license >/dev/null

 touch $log
 if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then
--- a/bin/v-blacklist-email-account
+++ b/bin/v-blacklist-email-account
@ -0,0 +1,102 @@
+#!/bin/bash
+# info: Add a specific email address to exim4 and spamassassin blacklist
+# usage: v-blacklist-email-account EMAIL
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+DENY_SENDERS_FILE="/etc/exim4/deny_senders"
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if an entry already exists in a file
+check_entry_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "$entry" "$file"
+}
+
+# Function to add an entry to a file
+add_entry_to_file() {
+    local entry=$1
+    local file=$2
+    echo "$entry" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 1 ]; then
+    echo "Usage: v-blacklist-email EMAIL"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+EMAIL=$1
+
+# Validate email format
+if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+    echo "Invalid email address format."
+    exit 1
+fi
+
+# Prepare entries for Exim4 and SpamAssassin
+EXIM_ENTRY="$EMAIL"
+SPAMASSASSIN_ENTRY="blacklist_from $EMAIL"
+
+#----------------------------------------------------------#
+#                   Exim4 Blacklist                        #
+#----------------------------------------------------------#
+
+echo "Updating $DENY_SENDERS_FILE..."
+if ! check_entry_exists "$EXIM_ENTRY" "$DENY_SENDERS_FILE"; then
+    add_entry_to_file "$EXIM_ENTRY" "$DENY_SENDERS_FILE"
+    echo "Added $EXIM_ENTRY to $DENY_SENDERS_FILE."
+else
+    echo "$EXIM_ENTRY already exists in $DENY_SENDERS_FILE."
+fi
+
+#----------------------------------------------------------#
+#                SpamAssassin Blacklist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+if ! check_entry_exists "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"; then
+    add_entry_to_file "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"
+    echo "Added $SPAMASSASSIN_ENTRY to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "$SPAMASSASSIN_ENTRY already exists in $SPAMASSASSIN_FILE."
+fi
+
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0
--- a/bin/v-blacklist-email-domain
+++ b/bin/v-blacklist-email-domain
@ -0,0 +1,133 @@
+#!/bin/bash
+# info: Add a domain to exim4 and spamassassin blacklist
+# usage: v-blacklist-email-domain DOMAIN SUBDOMAIN(YES/NO)
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+DENY_SENDERS_FILE="/etc/exim4/deny_senders"
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if a domain already exists in a file
+check_domain_exists() {
+    local domain=$1
+    local file=$2
+    grep -qE "^${domain}$" "$file"
+}
+
+# Function to check if a SpamAssassin entry already exists
+check_spamassassin_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "$entry" "$file"
+}
+
+# Function to add domain to file
+add_domain_to_file() {
+    local domain=$1
+    local file=$2
+    echo "$domain" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 2 ]; then
+    echo "Usage: v-blacklist-domain DOMAIN SUBDOMAIN(YES/NO)"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+DOMAIN=$1
+SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO)
+
+# Validate SUBDOMAIN parameter
+if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then
+    echo "Invalid parameter for SUBDOMAIN. Use YES or NO."
+    exit 1
+fi
+
+# Prepare entries for Exim4
+EXIM_ENTRY_MAIN="$DOMAIN"
+EXIM_ENTRY_SUB="*.$DOMAIN"
+
+# Prepare entries for SpamAssassin
+SPAMASSASSIN_ENTRY_MAIN="blacklist_from *@${DOMAIN}"
+SPAMASSASSIN_ENTRY_SUB="blacklist_from *.$DOMAIN"
+
+#----------------------------------------------------------#
+#                   Exim4 Blacklist                        #
+#----------------------------------------------------------#
+
+echo "Updating $DENY_SENDERS_FILE..."
+if ! check_domain_exists "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"; then
+    add_domain_to_file "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"
+    echo "Added $EXIM_ENTRY_MAIN to $DENY_SENDERS_FILE."
+else
+    echo "$EXIM_ENTRY_MAIN already exists in $DENY_SENDERS_FILE."
+fi
+
+if [ "$SUBDOMAIN" == "YES" ]; then
+    if ! check_domain_exists "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"; then
+        add_domain_to_file "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"
+        echo "Added $EXIM_ENTRY_SUB to $DENY_SENDERS_FILE."
+    else
+        echo "$EXIM_ENTRY_SUB already exists in $DENY_SENDERS_FILE."
+    fi
+fi
+
+#----------------------------------------------------------#
+#                SpamAssassin Blacklist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then
+    add_domain_to_file "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"
+    echo "Added $SPAMASSASSIN_ENTRY_MAIN to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "$SPAMASSASSIN_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE."
+fi
+
+if [ "$SUBDOMAIN" == "YES" ]; then
+    if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then
+        add_domain_to_file "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"
+        echo "Added $SPAMASSASSIN_ENTRY_SUB to $SPAMASSASSIN_FILE."
+        SPAMASSASSIN_CHANGED=true
+    else
+        echo "$SPAMASSASSIN_ENTRY_SUB already exists in $SPAMASSASSIN_FILE."
+    fi
+fi
+
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0
--- a/bin/v-change-database-password-for-all-wordpress
+++ b/bin/v-change-database-password-for-all-wordpress
@ -0,0 +1,63 @@
+#!/bin/bash
+# info: change db password to all wordpress databases
+# options:
+#
+# The command is used for changing db password to all wordpress databases on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+only_user='';
+if [ ! -z "$1" ]; then
+    only_user=$1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+touch /root/remember-db-user-pass.txt
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    if [ ! -z "$only_user" ]; then
+        if [ "$only_user" != "$user" ]; then
+            continue;
+        fi
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+            /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user
+            echo "--------------------------------"
+        fi
+    done
+
+    if [ ! -z "$only_user" ]; then
+        break;
+    fi
+
+done
+
+# cat /root/remember-db-user-pass.txt
+rm /root/remember-db-user-pass.txt
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-change-database-password-for-wordpress
+++ b/bin/v-change-database-password-for-wordpress
@ -0,0 +1,123 @@
+#!/bin/bash
+# info: change database password for wordpress
+# options:
+#
+# The command is used for changing database password for wordpress.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+# Check if number of arguments is 2
+if [ $# -eq 2 ]; then
+    user=$2
+else
+    user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+fi
+USER=$user
+
+if [ -z "$user" ]; then
+    echo "ERROR: Domain $domain not found"
+    exit 1;
+fi
+
+if [ ! -d "/home/$user" ]; then
+    echo "ERROR: User $user doesn't exist";
+    exit 1;
+fi
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "ERROR: Domain doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+    echo "=== Domain: $domain"
+    wp_config_path="/home/$user/web/$domain/public_html/wp-config.php"
+    if grep -q $'\r' $wp_config_path; then
+        echo "=== removing CRLF from wp-config.php"
+        tr -d '\r' < $wp_config_path > /tmp/wp-config.php && mv /tmp/wp-config.php $wp_config_path
+        chown $user:$user $wp_config_path
+    fi
+    db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+")
+    db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+")
+    new_password=''
+    found_existing_password=0
+    if [ -f "/root/remember-db-user-pass.txt" ]; then
+        db_user_pass=$(grep "$db_user:" /root/remember-db-user-pass.txt)
+        if [ -n "$db_user_pass" ]; then
+            new_password=$(echo "$db_user_pass" | cut -d':' -f2)
+            echo "= Using existing password for $db_user"
+            found_existing_password=1
+        fi
+    fi
+
+    if [ -z "$new_password" ]; then
+        new_password=$(generate_password)
+    fi
+
+    echo "DB name: $db_name"
+    echo "DB user: $db_user"
+    echo "New DB password: $new_password"
+    if [ $found_existing_password -eq 0 ] && [ -f "/root/remember-db-user-pass.txt" ]; then
+        echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt
+    fi
+    /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password"
+    if [ $? -ne 0 ]; then
+        echo "*************** ERROR: Failed to change database password ***************"
+        exit 1;
+    fi
+    line="define('DB_PASSWORD', '$new_password');"
+    chattr -i $wp_config_path
+    sed -i "s/.*define(.*DB_PASSWORD'.*/$line/" $wp_config_path
+    new_password_line=$(grep "DB_PASSWORD" $wp_config_path)
+    echo "New DB password line: $new_password_line"
+    if [ "$new_password_line" != "$line" ]; then
+        echo "*************** ERROR: line in wp-config.php is not what we expected ***************"
+        echo "Expected: $line"
+        echo "Actual  : $new_password_line"
+        echo "*************** ERROR: Please check wp-config.php manually ***************"
+        exit 1;
+    fi
+else
+    echo "ERROR: WP-config.php not found"
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-change-dir-www
+++ b/bin/v-change-dir-www
@ -0,0 +1,71 @@
+#!/bin/bash
+# info: Change directory to the public_html folder of a domain
+# usage: source v-cd-www DOMAIN
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+    echo "This script must be sourced to change the current directory."
+    echo "Usage: source v-cd-www DOMAIN"
+    exit 1
+fi
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    return 1
+fi
+
+# Importing system environment
+source /etc/profile
+PATH=$PATH:/usr/local/vesta/bin && export PATH
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+
+if [ -z "$user" ]; then
+    echo "Domain $domain doesn't exist"
+    return 1
+fi
+
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "User $user doesn't exist"
+    return 1
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Domain $domain doesn't have a public_html directory"
+    return 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+cd "/home/$user/web/$domain/public_html"
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+return 0
--- a/bin/v-change-domain-owner
+++ b/bin/v-change-domain-owner
@ -35,6 +35,9 @@ if [ "$owner" = "$user" ]; then
    exit
 fi

+USER_DATA=$VESTA/data/users/$owner
+is_object_unsuspended 'user' 'USER' "$owner"
+USER_DATA=$VESTA/data/users/$user

 #----------------------------------------------------------#
 #                       Action                             #
@ -57,11 +60,11 @@ if [ ! -z "$web_data" ]; then
        ssl_key=$VESTA/data/users/$owner/ssl/$domain.key
        ssl_ca=$VESTA/data/users/$owner/ssl/$domain.ca
        ssl_pem=$VESTA/data/users/$owner/ssl/$domain.pem
-        mv $ssl_crt $VESTA/data/users/$user/ssl/
-        mv $ssl_key $VESTA/data/users/$user/ssl/
-        mv $ssl_ca $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1
-        mv $ssl_pem $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1
-        rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.*
+        cp $ssl_crt $VESTA/data/users/$user/ssl/
+        cp $ssl_key $VESTA/data/users/$user/ssl/
+        cp $ssl_ca $VESTA/data/users/$user/ssl/ > /dev/null 2>&1
+        cp $ssl_pem $VESTA/data/users/$user/ssl/ > /dev/null 2>&1
+        # rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.*
    fi

    # Check ftp user account
@ -79,10 +82,23 @@ if [ ! -z "$web_data" ]; then
    # Move data
    mv $HOMEDIR/$owner/web/$domain $HOMEDIR/$user/web/

+    if [ -d "/hdd/home/$owner/web/$domain" ]; then
+        $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/web/$domain /hdd/home/$user/web/$domain
+    fi
+
    # Change ownership
    find $HOMEDIR/$user/web/$domain -user $owner \
        -exec chown -h $user:$user {} \;

+    if [ "$SSL" = 'yes' ]; then
+        sleep 10
+        rm $ssl_crt
+        rm $ssl_key
+        rm $ssl_ca > /dev/null 2>&1
+        rm $ssl_pem > /dev/null 2>&1
+        rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.*
+    fi
+
    # Rebuild config
    $BIN/v-unsuspend-web-domain $user $domain no >> /dev/null 2>&1
    $BIN/v-rebuild-web-domains $owner no
@ -140,6 +156,10 @@ if [ ! -z "$mail_data" ]; then
    # Move data
    mv $HOMEDIR/$owner/mail/$domain $HOMEDIR/$user/mail/

+    if [ -d "/hdd/home/$owner/mail/$domain" ]; then
+        $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/mail/$domain /hdd/home/$user/mail/$domain
+    fi
+
    # Change ownership
    find $HOMEDIR/$user/mail/$domain -user $owner \
        -exec chown -h $user {} \;
--- a/bin/v-change-firewall-rule
+++ b/bin/v-change-firewall-rule
@ -62,6 +62,8 @@ str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'"
 str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'"
 str="$str TIME='$time' DATE='$date'"

+oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
+
 # Deleting old rule
 sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf

@ -74,6 +76,14 @@ sort_fw_rules
 # Updating system firewall
 $BIN/v-update-firewall

+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then
+        NEWIP=$ip
+        parse_object_kv_list_non_eval "$oldvalues"
+        sed -i "s|$IP|$NEWIP|g" /etc/nginx/conf.d/block-firewall.conf
+        systemctl restart nginx
+    fi
+fi

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-change-user-package
+++ b/bin/v-change-user-package
@ -16,6 +16,7 @@ force=$3

 # Includes
 source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf

 is_package_avalable() {
@ -23,7 +24,7 @@ is_package_avalable() {
    usr_data=$(cat $USER_DATA/user.conf)
    IFS=$'\n'
    for key in $usr_data; do
-        eval ${key%%=*}=${key#*=}
+        parse_object_kv_list_non_eval $key
    done

    WEB_DOMAINS='0'
@ -35,7 +36,7 @@ is_package_avalable() {

    pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
        grep -v DATE)
-    eval $pkg_data
+    parse_object_kv_list_non_eval $pkg_data

    # Checking usage agains package limits
    if [ "$WEB_DOMAINS" != 'unlimited' ]; then
@ -73,11 +74,15 @@ is_package_avalable() {
            check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
        fi
    fi
+
+    is_web_template_valid $WEB_TEMPLATE
+    is_dns_template_valid $DNS_TEMPLATE
+    is_proxy_template_valid $PROXY_TEMPLATE
 }

 change_user_package() {
-    eval $(cat $USER_DATA/user.conf)
-    eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
+    parse_object_kv_list_non_eval $(cat $USER_DATA/user.conf)
+    parse_object_kv_list_non_eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
    echo "FNAME='$FNAME'
 LNAME='$LNAME'
 PACKAGE='$package'
--- a/bin/v-change-vesta-port
+++ b/bin/v-change-vesta-port
@ -41,6 +41,7 @@ is_int_format_valid "$port" 'port number'
 #----------------------------------------------------------#

 sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf
+sed -i "s|$oldport ssl;|$port ssl;|g" $VESTA/nginx/conf/nginx.conf
 if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then
    sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php
 fi
--- a/bin/v-change-wordpress-admin-passwords
+++ b/bin/v-change-wordpress-admin-passwords
@ -0,0 +1,160 @@
+#!/bin/bash
+# info: interactively delete or change WordPress admin passwords for a given domain
+# options: DOMAIN
+#
+# d  → delete user  (with content reassignment)
+# c  → change password (random 10-char alnum)
+# s  → skip
+# x  → exit
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
+source /etc/profile
+
+DOMAIN="$1"
+[ -z "$DOMAIN" ] && { echo "Usage: v-change-wp-admins-pass DOMAIN"; exit 1; }
+
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
+
+WP_PATH="/home/$USER/web/$DOMAIN/public_html"
+[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
+
+# WP-CLI wrapper
+WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes)
+return_code=$?
+
+if [ $return_code -ne 0 ]; then
+    echo "WP-CLI error:"
+    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+    exit $return_code
+fi
+
+# random 10-char password
+gen_pass() { tr -dc 'A-Za-z0-9' </dev/urandom | head -c 10; }
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+cd "$WP_PATH" || exit 1
+echo
+echo "WordPress administrators for $DOMAIN:"
+echo "-------------------------------------"
+
+if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then
+    rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+fi
+
+ADMIN_LIST_CSV=$("${WP_RUN[@]}" user list --role=administrator \
+                     --fields=ID,user_login,user_email \
+                     --format=csv --skip-plugins --skip-themes 2>/dev/null | tail -n +2)
+[ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; }
+
+printf "%-6s %-20s %s\n" "ID" "Username" "Email"
+echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do
+    printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL"
+done
+
+echo
+echo "For each admin choose: (d) delete, (c) change password, (s) skip, (x) exit."
+
+# interactive loop
+while IFS=',' read -r ID LOGIN EMAIL; do
+    [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN"
+    while true; do
+        echo "-------------------------------------"
+        read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty
+        case "$ACT" in
+            [Dd]* )
+                # read -r -p "Really DELETE \"$TARGET\" ?   (y/n, default: y) " CONF < /dev/tty
+                CONF="y"
+                if [[ ! "$CONF" =~ ^[Nn]$ ]]; then
+                    # build an array of OTHER admin usernames
+                    mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}')
+                    if [ "${#OTHER_USERS[@]}" -eq 0 ]; then
+                        echo "Cannot delete the only administrator account."
+                        break
+                    fi
+                    DEFAULT_USER="${OTHER_USERS[0]}"
+                    echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}"
+                    while true; do
+                        read -r -p "Reassign content to which username? [default: $DEFAULT_USER] " REASSIGN < /dev/tty
+                        REASSIGN=${REASSIGN:-$DEFAULT_USER}
+                        if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then
+                            break
+                        else
+                            echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}"
+                        fi
+                    done
+                    # delete by username, reassign by username
+                    "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes --skip-plugins --skip-themes
+                    if [ $? -eq 0 ]; then
+                        echo "$TARGET deleted (content reassigned to $REASSIGN)."
+                    else
+                        cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+                        echo "Failed to delete $TARGET."
+                    fi
+                else
+                    echo "Deletion cancelled."
+                fi
+                break
+                ;;
+            [Cc]* )
+                NEW_PASS=$(gen_pass)
+                "${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --skip-plugins --skip-themes
+                if [ $? -eq 0 ]; then
+                    echo "Password for username '$TARGET' changed to: $NEW_PASS"
+                    echo "Password for username '$TARGET' changed to: $NEW_PASS" >> /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+                    chown $USER:$USER /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+                    chmod 600 /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+                else
+                    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+                    echo "Failed to change password for $TARGET."
+                fi
+                break
+                ;;
+            [Ss]* )
+                echo "Skipping $TARGET."
+                break
+                ;;
+            [Xx]* )
+                echo "Exiting."
+                exit 0
+                ;;
+            * ) echo "Please answer d, c, s, or x." ;;
+        esac
+    done
+done <<< "$ADMIN_LIST_CSV"
+
+#----------------------------------------------------------#
+#        flush cache and refresh all security salts        #
+#----------------------------------------------------------#
+
+echo "-------------------------------------"
+echo
+echo "Flushing cache and refreshing salts..."
+
+"${WP_RUN[@]}" cache flush
+"${WP_RUN[@]}" config shuffle-salts WP_CACHE_KEY_SALT --force
+"${WP_RUN[@]}" config shuffle-salts
+
+echo "Cache flushed and salts refreshed."
+
+echo
+echo "Done."
+
+if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then
+    echo "-------------------------------------"
+    echo "For website $DOMAIN - new wp-admin passwords have been set."
+    echo "-------------------------------------"
+    cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+    echo "-------------------------------------"
+    echo ""
+    read -r -p "== Press Enter to continue..."
+fi
+
+exit 0
--- a/bin/v-clean-garbage
+++ b/bin/v-clean-garbage
@ -14,6 +14,10 @@ if [ "$whoami" != "root" ]; then
    exit 1
 fi

+echo "===== Before cleaning ====="
+df -h
+echo "==========================="
+
 # Includes
 source /usr/local/vesta/func/main.sh

@ -21,6 +25,15 @@ source /usr/local/vesta/func/main.sh
 #                       Action                             #
 #----------------------------------------------------------#

+# turn off tailf watcher process
+if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
+    kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}')
+fi
+if [ -f "/usr/local/bin/tailf_exim.php" ]; then
+    kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}')
+fi
+
+find /tmp/ -type f -mtime +7 -delete
 rm /var/backups/* > /dev/null 2>&1
 rm /var/cache/apt/archives/* > /dev/null 2>&1
 cd /var/log
@ -37,13 +50,18 @@ find /var/log/ -type f -name "*.4" -delete
 find /var/log/ -type f -name "*.5" -delete
 find /var/log/ -type f -name "*.6" -delete
 find /var/log/ -type f -name "*.7" -delete
+find /var/log/ -type f -name "*.8" -delete
+find /var/log/ -type f -name "*.9" -delete
 find /var/log/ -name "*.gz" -type f -delete
 find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \;
 find /usr/local/vesta/log/ -type f -not -name "*.log" -delete
 find /var/log/exim4/ -type f -exec truncate -s 0 {} \;
+truncate -s 0 /*.log > /dev/null 2>&1
+rm /panic-*.log > /dev/null 2>&1
+rm /var/log/panic-*.log > /dev/null 2>&1

 clean_home() {
-    nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete
+    nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete > /dev/null 2>&1
    find $1/ -name '.wp-cli' -type d -exec rm -rf {} \; > /dev/null 2>&1
    find $1/*/web/*/public_html/wp-content/aiowps_backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
    find $1/*/web/*/public_html/wp-content/envato-backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
@ -51,7 +69,10 @@ clean_home() {
    find $1/*/web/*/public_html/wp-content/wpvividbackups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
    find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
    find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name ".htaccess" -delete > /dev/null 2>&1
    find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1
+    nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1
    nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \;
    nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \;
    nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \;
@ -69,16 +90,43 @@ if [ $fail2ban_running -eq 1 ]; then
 fi
 if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then
    rm /var/lib/fail2ban/fail2ban.sqlite3
+    if [ -f "/etc/nginx/conf.d/block.conf" ]; then
+        truncate -s 0 /etc/nginx/conf.d/block.conf
+        nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running')
+        if [ $nginx_running -eq 1 ]; then
+            systemctl restart nginx
+        fi
+    fi
 fi
 if [ $fail2ban_running -eq 1 ]; then
    systemctl start fail2ban
 fi

+# turn on tailf watcher process
+if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
+    nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log 2>&1 &
+fi
+if [ -f "/usr/local/bin/tailf_exim.php" ]; then
+    nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log 2>&1 &
+fi
+
+exim_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'exim')
+if [ $exim_installed -gt 0 ]; then
+    systemctl restart exim4
+fi
+
+
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#

-echo "=== Garbage cleaned ==="
+echo ""
+echo "***** Garbage cleaned *****"
+echo ""
+echo "===== After cleaning ======"
+df -h
+echo "==========================="
+

 log_event "$OK" "$ARGUMENTS"

--- a/bin/v-clear-fail2ban
+++ b/bin/v-clear-fail2ban
@ -0,0 +1,59 @@
+#!/bin/bash
+# info: Clean fail2ban database
+# options: NONE
+#
+# The function is cleaning fail2ban database
+
+#----------------------------------------------------------#
+#           Verifications & Variable & Function            #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# check if fail2ban is installed
+fail2ban_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'fail2ban')
+if [ $fail2ban_installed -eq 0 ]; then
+    echo "Fail2ban is not installed"
+    exit 1
+fi
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Cleaning fail2ban database
+fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running')
+if [ $fail2ban_running -eq 1 ]; then
+    echo "== Stopping fail2ban"
+    systemctl stop fail2ban
+fi
+if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then
+    echo "== Cleaning fail2ban database"
+    rm /var/lib/fail2ban/fail2ban.sqlite3
+    if [ -f "/etc/nginx/conf.d/block.conf" ]; then
+        echo "== Cleaning nginx block.conf"
+        truncate -s 0 /etc/nginx/conf.d/block.conf
+        nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running')
+        if [ $nginx_running -eq 1 ]; then
+            echo "== Restarting nginx"
+            systemctl restart nginx
+        fi
+    fi
+fi
+if [ $fail2ban_running -eq 1 ]; then
+    echo "== Starting fail2ban"
+    systemctl start fail2ban
+fi
+
+echo "== Done, fail2ban database cleaned"
+
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-clone-website
+++ b/bin/v-clone-website
@ -20,6 +20,7 @@ if [ $# -lt 2 ]; then
    echo "--TO_DATABASE_USERNAME=..."
    echo "--TO_DATABASE_PASSWORD=..."
    echo "--SITE_SUBFOLDER=..."
+    echo "--EXCLUDE_UPLOADS=1 (or do not set it)"
    exit 1
 fi

@ -313,6 +314,7 @@ echo "FROM_DOMAIN_PROXY_TPL = $FROM_DOMAIN_PROXY_TPL"
 echo "FROM_DOMAIN_PROXY_EXT = $FROM_DOMAIN_PROXY_EXT"
 echo "SEARCH_FOR_CONFIGS_DATABASE_NAME     = $SEARCH_FOR_CONFIGS_DATABASE_NAME"
 echo "SEARCH_FOR_CONFIGS_DATABASE_USERNAME = $SEARCH_FOR_CONFIGS_DATABASE_USERNAME"
+echo "EXCLUDE_UPLOADS = $EXCLUDE_UPLOADS"
 echo "==============================================================================="
 read -p "=== Press Enter to continue ==="

@ -370,17 +372,25 @@ if [ -d "/root/temp" ]; then
 fi
 mkdir -p /root/temp
 cd /root/temp
-mysqldump $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql
+mysqldump --max_allowed_packet=1024M $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql
 echo "=== Importing to database $TO_DATABASE_NAME"
 mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql
+rm $FROM_DATABASE_NAME.sql
+
+EXCLUDE=''
+if [ ! -z "$EXCLUDE_UPLOADS" ]; then
+    EXCLUDE="--exclude '/wp-content/uploads/*'"
+fi

 echo "=== Copying files from $FROM_FOLDER to folder $TO_FOLDER"
 if [ "$SITE_SUBFOLDER" != ".." ]; then
-    echo "====== Executing: rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/"
-    rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/
+    run="rsync -a --delete $EXCLUDE $FROM_FOLDER/ $TO_FOLDER/"
+    echo "====== Executing: $run"
+    eval $run
 else
-    echo "====== Executing: rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/"
-    rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/
+    run="rsync -a --delete $EXCLUDE --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/"
+    echo "====== Executing: $run"
+    eval $run
 fi
 echo "=== Chowning to $TO_USER:$TO_USER in folder $TO_FOLDER"
 chown -R $TO_USER:$TO_USER $TO_FOLDER
@ -419,16 +429,37 @@ if [ $IT_IS_WP -eq 0 ]; then
        php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/"
    fi
 else
+    phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$TO_DOMAIN")
    cd $TO_FOLDER
    echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME"
-    sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid
+    sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
    if [ "$FROM_USER" != "$TO_USER" ]; then
        echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME"
-        sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid
+        sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
+    fi
+    sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
+    sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
+    sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
+fi
+
+# ----------- Update Wordfence WAF Path -------------
+
+# Path to .user.ini file in the new domain directory
+user_ini="/home/$TO_USER/web/$TO_DOMAIN/public_html/.user.ini"
+
+# Check if .user.ini exists
+if [ -f "$user_ini" ]; then
+    echo "Updating .user.ini with new path..."
+
+    # Change path from old domain to new domain
+    sed -i "s|/home/.*/public_html|/home/$TO_USER/web/$TO_DOMAIN/public_html|g" $user_ini
+
+    # Check if replacement was successful and update .user.ini
+    if [ $? -eq 0 ]; then
+        echo ".user.ini updated successfully."
+    else
+        echo "Failed to update .user.ini file."
    fi
-    sudo -H -u$TO_USER wp cache flush
-    sudo -H -u$TO_USER wp config shuffle-salts WP_CACHE_KEY_SALT --force
-    sudo -H -u$TO_USER wp config shuffle-salts
 fi

 echo "===== DONE ===="
--- a/bin/v-commander
+++ b/bin/v-commander
@ -13,11 +13,14 @@ fi

 source /etc/profile
 PATH=$PATH:/usr/local/vesta/bin && export PATH
-echo "======================= mvVesta-commander ================================"
+if [ $SHOWHEADER -eq 1 ]; then
+    echo "======================= mvVesta-commander ================================"
+fi

 if [ -f /root/kernelupdate ]; then
    rm /root/kernelupdate
 fi
+apt_updated=0
 apt_upgraded=0
 quit_on_empty=0

@ -60,23 +63,24 @@ check_status() {

 myhelp() {
    echo "---------- Press: -----------"
-    echo "u  = apt-get update"
-    echo "g  = apt-get upgrade"
+    echo "a  = Activate Email rate limit"
+    echo "b  = bash"
    echo "c  = check status"
+    echo "d  = df -h"
    echo "e  = make sure Apache is in mpm_event"
-    echo "s  = download sury.org apt-get key"
+    echo "f  = free -h"
+    echo "g  = apt-get upgrade"
+    echo "h  = help"
    echo "m  = install php-memcached"
    echo "p  = set version of php as default"
+    echo "q  = quit"
+    echo "r  = reboot"
+    echo "s  = download sury.org apt-get key"
+    echo "t  = clean the trash"
+    echo "u  = apt-get update"
    echo "v  = update myVesta"
    echo "vo = update myVesta without 'apt-get update'"
-    echo "t  = clean the trash"
    echo "w  = w"
-    echo "d  = df -h"
-    echo "f  = free -h"
-    echo "b  = bash"
-    echo "r  = reboot"
-    echo "q  = quit"
-    echo "h  = help"
    echo "-----------------------------"
    echo "inst v                = install myVesta"
    echo "inst p                = install multi-php"
@ -84,10 +88,11 @@ myhelp() {
    echo "inst r                = install new Roundcube"
    echo "inst memcached        = install memcached"
    echo "inst redis            = install Redis"
+    echo "inst nginx-rate-limit = install nginx-rate-limit templates"
    echo "dis fb   = stop and disable fail2ban"
    echo "dis dove = stop and disable dovecot"
-    echo "dis spam = stop and disable spam"
-    echo "dis clam = stop and disable clamav"
+    echo "dis spam = stop and disable spamassassin"
+    echo "dis clam = stop and disable ClamAV"
    echo "p 7.0    = set default php 7.0"
    echo "p 7.3    = set default php 7.3"
    echo "p 7.4    = set default php 7.4"
@ -96,20 +101,38 @@ myhelp() {
    echo "m def    = install php-memcached if needed"
    echo "check fc = check if FreshClam is up"
    echo "-----------------------------"
-    echo "enable-ssh-root-password-login = Allow root password authentication via SSH and set the root password to match the password for the admin account"
+    echo "enable-ssh-root-password-login = Allow root password authentication via SSH"
+    echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub"
    echo "-----------------------------"
 }

+apt_update() {
+    echo "============================="
+    echo "== running: apt-get update"
+    release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+    if [ "$release" -lt 10 ]; then
+        apt-get update
+    else
+        apt-get update --allow-releaseinfo-change
+    fi
+    apt_updated=1
+}
+
 COUNTER=0
+HAS_PARAMETERS=0

 while true
 do

    COUNTER=$((COUNTER + 1))
    if [ $COUNTER -le $numargs ]; then
+        HAS_PARAMETERS=1
        answer=$1
        shift
    else
+        if [ $HAS_PARAMETERS -eq 1 ]; then
+            exit;
+        fi
        read -p 'What to do: ' answer
    fi

@ -126,17 +149,42 @@ do
    if [ "$answer" = 'quit-on-empty' ]; then
        echo "== the script will quit on next enter"
        quit_on_empty=1
+        HAS_PARAMETERS=0
    fi

-    if [ "$answer" = 'u' ] || [ "$answer" = 'U' ]; then
-        echo "============================="
-        echo "== running: apt-get update"
-        release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
-        if [ "$release" -lt 10 ]; then
-            apt-get update
-        else
-            apt-get update --allow-releaseinfo-change
+
+    if [ "$answer" = 'a' ] || [ "$answer" = 'A' ]; then
+    mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup
+    cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template
+
+    touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
+    touch /etc/exim4/limit_per_email_account_max_recipients
+    touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
+    touch /etc/exim4/limit_per_hosting_account_max_recipients
+
+    check_grep=$(grep -c '#SPAMASSASSIN' /etc/exim4/exim4.conf.template-backup)
+    if [ "$check_grep" -eq 0 ]; then
+        sed -i "s|#SPAMASSASSIN|SPAMASSASSIN|g" /etc/exim4/exim4.conf.template
    fi
+
+    check_grep=$(grep -c '#SPAM_SCORE' /etc/exim4/exim4.conf.template-backup)
+    if [ "$check_grep" -eq 0 ]; then
+        sed -i "s|#SPAM_SCORE|SPAM_SCORE|g" /etc/exim4/exim4.conf.template
+    fi
+
+    check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template-backup)
+    if [ "$check_grep" -eq 0 ]; then
+        sed -i "s|#CLAMD|CLAMD|g" /etc/exim4/exim4.conf.template
+    fi
+
+    systemctl restart exim4
+    echo "Email rate limit activated."
+    fi
+
+
+
+    if [ "$answer" = 'u' ] || [ "$answer" = 'U' ]; then
+        apt_update
    fi

    if [ "$answer" = 'g' ] || [ "$answer" = 'G' ]; then
@ -241,8 +289,14 @@ do
    if [ "$answer" = 'dis spam' ] || [ "$answer" = 'DIS SPAM' ]; then
        echo "============================="
        echo "== disabling SpamAssassin"
+        release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+        if [ "$release" -lt 12 ]; then
            systemctl stop spamassassin.service
            systemctl disable spamassassin.service
+        else
+            systemctl stop spamd.service
+            systemctl disable spamd.service
+        fi

        sed -i "s/^SPAMASSASSIN =/#SPAMASSASSIN =/g" /etc/exim4/exim4.conf.template
        sed -i "s/^SPAM_SCORE =/#SPAM_SCORE =/g" /etc/exim4/exim4.conf.template
@ -354,32 +408,13 @@ do
        echo "============================="
        echo "== cleaning trash"
        df -m
-        ps -Af | grep tailf | grep -v "grep tailf"
-        if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
-            kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}')
-        fi
-        if [ -f "/usr/local/bin/tailf_exim.php" ]; then
-            kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}')
-        fi
        echo "------"
        ps -Af | grep tailf | grep -v "grep tailf"
        echo "------"
-        sleep 2
-        truncate -s 0 /*.log
-        rm /panic-*.log
-        rm /var/log/panic-*.log
        /usr/local/vesta/bin/v-clean-garbage
-        sleep 2
-        if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
-            nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log &
-        fi
-        if [ -f "/usr/local/bin/tailf_exim.php" ]; then
-            nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log &
-        fi
        echo "--------------"
        df -m
        echo "--------------"
-        sleep 2
        ps -Af | grep tailf | grep -v "grep tailf"
    fi

@ -438,8 +473,8 @@ do
        memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9])
        apt-get update
        apt-get -y install memcached 
-        apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ")
-        apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ")
+        apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ")
+        apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ")
        if [ $memory -lt 15000000 ]; then
            sed -i "s/-m 64/-m 256/" /etc/memcached.conf
        else
@ -460,6 +495,7 @@ do

        sed -i "s|^supervised no|supervised systemd|g" /etc/redis/redis.conf
        sed -i "s|^save |# save |g" /etc/redis/redis.conf
+        sed -i 's|^# save ""|save ""|g' /etc/redis/redis.conf
        if [ $memory -lt 15000000 ]; then
            sed -i "s|^# maxmemory .*|maxmemory 256m|g" /etc/redis/redis.conf
        else
@ -472,6 +508,15 @@ do
        echo "-------------------"
    fi

+    if [ "$answer" = 'inst nginx-rate-limit' ] || [ "$answer" = 'INST NGINX-RATE-LIMIT' ]; then
+        echo "============================="
+        echo "== Installing inst nginx-rate-limit templates"
+        curl -O https://c.myvestacp.com/tools/rate-limit-tpl/install_rate_limit_tpl.sh
+        bash install_rate_limit_tpl.sh
+        echo "== nginx-rate-limit templates installed."
+        echo "-------------------"
+    fi
+
    if [ "$answer" = 'check fc' ] || [ "$answer" = 'CHECK FC' ]; then
        echo "== Checking if FreshClam is up"
        clamavup=$(/usr/local/vesta/bin/v-list-sys-services | grep 'clamav-daemon' | grep -c 'running')
@ -490,21 +535,13 @@ do
        echo "--- New settings ---"
        grep '^PermitRoot' /etc/ssh/sshd_config
        echo "--------------------"
-        adminline=$(grep '^admin:' /etc/shadow)
-        adminline=${adminline:6}
-        adminline="root:$adminline"
-        sed -i "s#^root:.*#$adminline#" /etc/shadow
-        echo "root password is now the same as admin password."
-        echo "--------------------"
-        grep '^root:' /etc/shadow
-        grep '^admin:' /etc/shadow
-        echo "--------------------"
        echo "Port 22 opened in Firewall for all IP addresses."
        /usr/local/vesta/bin/v-unsuspend-firewall-rule "11"
        echo "--------------------"
+        echo "Type 'passwd' in the terminal to set the root password."
+        echo "--------------------"
    fi

-
    if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then
        echo "============================="
        echo "== Rebooting the server"
@ -554,4 +591,13 @@ do
        /root/install-new-roundcube.sh
    fi

+    if [ "$answer" = 'id_rsa' ] || [ "$answer" = 'ID_RSA' ]; then
+        if [ ! -f "/root/.ssh/id_rsa.pub" ]; then
+            ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -b 4096 -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null
+        fi
+        echo "=== YOUR id_rsa.pub IS BELOW ==="
+        cat /root/.ssh/id_rsa.pub
+        echo "======"
+    fi
+
 done
--- a/bin/v-delete-database-of-domain
+++ b/bin/v-delete-database-of-domain
@ -0,0 +1,69 @@
+#!/bin/bash
+# info: delete database if domain has database
+# options: DOMAIN
+#
+# The function for deleting database if domain has database
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+RET=$OK
+
+# echo "================================="
+r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain $domain)
+# echo $r
+eval $r
+# echo "================================="
+
+if [ ! -z "$DATABASE_NAME" ]; then
+    echo "=== v-delete-database $USER $DATABASE_NAME"
+    /usr/local/vesta/bin/v-delete-database $USER $DATABASE_NAME
+    if [ $? -ne 0 ]; then
+        echo "=== v-delete-database failed"
+        RET=$E_NOTEXIST
+    fi
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+log_event "$RET" "$ARGUMENTS"
+
+exit
--- a/bin/v-delete-domain
+++ b/bin/v-delete-domain
@ -37,9 +37,10 @@ is_object_unsuspended 'user' 'USER' "$user"
 if [ ! -z "$WEB_SYSTEM" ]; then
    str=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
    if [  ! -z "$str" ]; then
+        $BIN/v-delete-database-of-domain $domain
        domain_found='yes'
        $BIN/v-delete-web-domain $user $domain 'no'
-        check_result $? "can't suspend web" > /dev/null
+        check_result $? "can't delete web" > /dev/null
    fi
 fi

@ -49,7 +50,7 @@ if [ ! -z "$DNS_SYSTEM" ]; then
    if [  ! -z "$str" ]; then
        domain_found='yes'
        $BIN/v-delete-dns-domain $user $domain 'no'
-        check_result $? "can't suspend dns" > /dev/null
+        check_result $? "can't delete dns" > /dev/null
    fi
 fi

@ -59,7 +60,7 @@ if [ ! -z "$MAIL_SYSTEM" ]; then
    if [  ! -z "$str" ]; then
        domain_found='yes'
        $BIN/v-delete-mail-domain $user $domain
-        check_result $? "can't suspend mail" > /dev/null
+        check_result $? "can't delete mail" > /dev/null
    fi
 fi

--- a/bin/v-delete-firewall-ban
+++ b/bin/v-delete-firewall-ban
@ -53,6 +53,11 @@ $iptables -D fail2ban-$chain $b 2>/dev/null
 # Changing permissions
 chmod 660 $conf

+# nginx deny rules conf
+if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then
+    sed -i "/deny $ip;/d" /etc/nginx/conf.d/block.conf
+    systemctl reload nginx
+fi

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-delete-firewall-rule
+++ b/bin/v-delete-firewall-rule
@ -34,12 +34,21 @@ is_object_valid '../../data/firewall/rules' 'RULE' "$rule"
 #                       Action                             #
 #----------------------------------------------------------#

+oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
+
 # Deleting rule
 sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf

 # Updating system firewall
 $BIN/v-update-firewall

+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    parse_object_kv_list_non_eval "$oldvalues"
+    if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
+        sed -i "/$IP/d" /etc/nginx/conf.d/block-firewall.conf
+        systemctl restart nginx
+    fi
+fi

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-delete-mail-domain
+++ b/bin/v-delete-mail-domain
@ -51,6 +51,9 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
    rm -f /etc/$MAIL_SYSTEM/domains/$domain_idn
    rm -rf $HOMEDIR/$user/conf/mail/$domain
    rm -rf $HOMEDIR/$user/mail/$domain_idn
+    if [ -d "/hdd/home/$user/mail/$domain_idn" ]; then
+        rm -rf /hdd/home/$user/mail/$domain_idn
+    fi
 fi

 # Deleting dkim dns record
--- a/bin/v-delete-mail-domain-dkim
+++ b/bin/v-delete-mail-domain-dkim
@ -48,7 +48,7 @@ fi
 # Deleting dns record
 if [ ! -z "$DNS_SYSTEM" ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
    records=$($BIN/v-list-dns-records $user $domain plain)
-    dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ')
+    dkim_records=$(echo "$records" |grep -w '_domainkey' | awk '{print $1}')
    for id in $dkim_records; do
        $BIN/v-delete-dns-record $user $domain $id
    done
--- a/bin/v-delete-mails
+++ b/bin/v-delete-mails
@ -0,0 +1,127 @@
+#!/bin/bash
+# info: delete old emails (by mtime) for user/domain/account, with optional scope
+# usage:   v-delete-mails USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE
+# SCOPE:   all    – clean every Maildir folder (cur, new, tmp, custom subfolders)
+#          trash  – clean only Trash/Junk/Spam folders
+
+# load Vesta functions & config
+source "$VESTA/func/main.sh"
+source "$VESTA/conf/vesta.conf"
+
+# read arguments
+user="$1"
+domain="$2"
+account="$3"
+mtime="$4"
+scope="$5"
+
+# verify argument count
+check_args '5' "$#" 'USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE'
+
+# validate scope
+if [[ "$scope" != "all" && "$scope" != "trash" ]]; then
+  echo "ERROR: SCOPE must be 'all' or 'trash'."
+  exit 1
+fi
+
+# validate logical combinations
+if [[ "$user" == "all" ]]; then
+  if [[ "$domain" != "all" || "$account" != "all" ]]; then
+    echo "ERROR: When USER is 'all', both DOMAIN and ACCOUNT must be 'all'."
+    exit 1
+  fi
+elif [[ "$domain" == "all" && "$account" != "all" ]]; then
+  echo "ERROR: When DOMAIN is 'all', ACCOUNT must also be 'all'."
+  exit 1
+fi
+
+# build a detailed summary for the warning
+declare -a summary_parts
+if [[ "$user" == "all" ]]; then
+  summary_parts+=("all users")
+else
+  summary_parts+=("user '$user'")
+fi
+
+if [[ "$domain" == "all" ]]; then
+  summary_parts+=("all domains")
+else
+  summary_parts+=("domain '$domain'")
+fi
+
+if [[ "$account" == "all" ]]; then
+  summary_parts+=("all accounts")
+else
+  summary_parts+=("account '$account'")
+fi
+
+# join with commas
+summary=$(printf ", %s" "${summary_parts[@]}")
+summary=${summary:2}
+
+# only warn if any of them is 'all' or if mtime is 'all'
+if [[ "$mtime" == "all" || "$user" == "all" || "$domain" == "all" || "$account" == "all" ]]; then
+  echo "WARNING: This will delete emails older than '$mtime' days for ${summary}."
+  read -p "Are you sure? (yes/no): " confirm
+  [[ "$confirm" != "yes" ]] && { echo "Aborted."; exit 1; }
+fi
+
+# function to delete emails
+delete_emails() {
+  local u="$1" d="$2" a="$3"
+  local maildir="/home/$u/mail/$d/$a"
+
+  [[ ! -d "$maildir" ]] && return
+
+  echo "→ Cleaning '$a@$d' (user: $u), scope: $scope, mtime: $mtime"
+
+  # build find predicates
+  if [[ "$scope" == "all" ]]; then
+    folder_expr=( -path "*/cur/*" -o -path "*/new/*" -o -path "*/tmp/*" )
+  else
+    folder_expr=( -ipath "*/trash/*" -o -ipath "*/junk/*" -o -ipath "*/spam/*" )
+  fi
+
+  # assemble and run find
+  if [[ "$mtime" == "all" ]]; then
+    find "$maildir" -type f \( "${folder_expr[@]}" \) -print -delete 2>/dev/null
+  else
+    find "$maildir" -type f \( "${folder_expr[@]}" \) -mtime +"$mtime" -print -delete 2>/dev/null
+  fi
+}
+
+# collect users
+if [[ "$user" == "all" ]]; then
+  users=$(v-list-users plain | awk '{print $1}')
+else
+  users="$user"
+fi
+
+# iterate through users, domains, accounts
+for u in $users; do
+  if [[ "$domain" == "all" ]]; then
+    domains=$(v-list-mail-domains "$u" plain | awk '{print $1}')
+  else
+    domains="$domain"
+  fi
+
+  for d in $domains; do
+    if [[ "$account" == "all" ]]; then
+      accounts=$(v-list-mail-accounts "$u" "$d" plain | awk '{print $1}')
+    else
+      accounts="$account"
+    fi
+
+    for a in $accounts; do
+      delete_emails "$u" "$d" "$a"
+    done
+  done
+done
+
+# restart dovecot to refresh mailbox state
+systemctl restart dovecot
+
+# log the action (status first, then message)
+log_event "$OK" "Deleted emails (>$mtime days, scope=$scope) for $user $domain $account"
+
+exit 0
--- a/bin/v-delete-user
+++ b/bin/v-delete-user
@ -94,6 +94,9 @@ fi
 # Deleting user directories
 chattr -i $HOMEDIR/$user/conf
 rm -rf $HOMEDIR/$user
+if [ -d "/hdd/home/$user" ]; then
+    rm -rf /hdd/home/$user
+fi
 rm -f /var/spool/mail/$user
 rm -f /var/spool/cron/$user
 rm -f /var/spool/cron/crontabs/$user
--- a/bin/v-delete-web-domain
+++ b/bin/v-delete-web-domain
@ -62,36 +62,24 @@ if [ -f "$fpmconf" ]; then
    rm $fpmconf
    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
 fi
-fpmconf="/etc/php/5.6/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
+
+for PHPV in /etc/php/*; do
+    if [ -d "${PHPV}" ]; then
+        # PHPVER=$(basename ${PHPV})
+        POOLD="${PHPV}/fpm/pool.d"
+        fpmconf="$POOLD/$domain.conf"
+        if [ -f "$fpmconf" ]; then
            rm $fpmconf
            echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.0/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
+        fi
+        POOLD="${PHPV}/fpm/pool.d-ioncube"
+        fpmconf="$POOLD/$domain.conf"
+        if [ -f "$fpmconf" ]; then
            rm $fpmconf
            echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.1/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.2/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.3/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.4/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
+        fi
+    fi
+done

 # Deleting domain from web.conf
 sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf
@ -142,6 +130,9 @@ rm -f /var/log/$WEB_SYSTEM/domains/$domain.error*

 # Deleting directory
 rm -rf $HOMEDIR/$user/web/$domain
+if [ -d "/hdd/home/$user/web/$domain" ]; then
+    rm -rf /hdd/home/$user/web/$domain
+fi


 #----------------------------------------------------------#
--- a/bin/v-desinfect-wordpress
+++ b/bin/v-desinfect-wordpress
@ -0,0 +1,79 @@
+#!/bin/bash
+# info: disinfect a WordPress site with several maintenance commands
+# options: DOMAIN
+
+# -------------------------------------------------------- #
+#                    variables and checks                  #
+# -------------------------------------------------------- #
+
+if [ "$(whoami)" != "root" ]; then
+    echo "You must be root to run this command."
+    exit 1
+fi
+
+# make sure all Vesta helper scripts are reachable
+export PATH="/usr/local/vesta/bin:$PATH"
+source /etc/profile
+
+domain="$1"
+if [ -z "$domain" ]; then
+    echo "Usage: v-desinfect-wp DOMAIN"
+    exit 1
+fi
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain")
+if [ -z "$user" ]; then
+    echo "Domain $domain does not exist."
+    exit 1
+fi
+
+# absolute paths to maintenance scripts, in desired order
+declare -a tasks=(
+    "/usr/local/vesta/bin/v-change-database-password-for-wordpress"
+    "/usr/local/vesta/bin/v-change-wordpress-admin-passwords"
+    "/usr/local/vesta/bin/v-fix-wordpress-core"
+    "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
+    "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
+)
+
+# -------------------------------------------------------- #
+#                    execution strategy                    #
+# -------------------------------------------------------- #
+
+echo
+read -r -p "Run all maintenance steps automatically? (y/n) " run_all < /dev/tty
+
+if [[ "$run_all" =~ ^[Yy]$ ]]; then
+    echo "Running all maintenance steps for $domain"
+    automatic=true
+else
+    echo
+    echo "Selective mode. You will be asked for each step."
+    automatic=false
+fi
+
+for cmd in "${tasks[@]}"; do
+    if [ ! -x "$cmd" ]; then
+        echo "Command $cmd not found or not executable, skipping."
+        continue
+    fi
+
+    if [ "$automatic" = false ]; then
+        while true; do
+            read -r -p "Run $(basename "$cmd") for $domain? (y/n) " yn < /dev/tty
+            case "$yn" in
+                [Yy]* ) break ;;
+                [Nn]* ) echo "Skipping $(basename "$cmd")."; continue 2 ;;
+                * )     echo "Please answer y or n." ;;
+            esac
+        done
+    fi
+
+    echo
+    echo "=== $(basename "$cmd") $domain ==="
+    "$cmd" "$domain"
+done
+
+echo
+echo "Done."
+exit 0
--- a/bin/v-edit-domain-php-ini
+++ b/bin/v-edit-domain-php-ini
@ -0,0 +1,90 @@
+#!/bin/bash
+# info: Edit php.ini for certain domain
+# options: DOMAIN 
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    # echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    # echo "Domain doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+fpm_ver=$(/usr/local/vesta/bin/v-get-php-version-of-domain $domain)
+
+if [ -z "$fpm_ver" ]; then
+    echo "PHP version for domain $domain could not be determined."
+    exit 1
+fi
+
+config_file="/etc/php/${fpm_ver}/fpm/pool.d/${domain}.conf"
+
+if command -v mcedit >/dev/null; then
+    mcedit "$config_file"
+else
+    nano "$config_file"
+fi
+
+echo "Restarting PHP-FPM service for PHP version ${fpm_ver}"
+systemctl restart php${fpm_ver}-fpm
+if [ $? -ne 0 ]; then
+    systemctl status php${fpm_ver}-fpm
+    echo "========================="
+    echo ""
+    echo "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!"
+    echo ""
+    exit $E_RESTART;
+else
+    echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully."
+fi
+echo ""
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit 0;
--- a/bin/v-edit-php-ini
+++ b/bin/v-edit-php-ini
@ -0,0 +1,70 @@
+#!/bin/bash
+# info: Edit php.ini for a specific PHP version
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# List available PHP versions and store them into an array
+mapfile -t php_versions < <(/usr/local/vesta/bin/v-list-php)
+
+echo "Available PHP versions:"
+PS3="Please select the PHP version you want to edit php.ini for: "
+
+select php_version in "${php_versions[@]}"; do
+    if [[ -n $php_version ]]; then
+        break
+    else
+        echo "Invalid choice. Please try again."
+    fi
+done
+
+# Define path to the php.ini file
+php_ini_path="/etc/php/${php_version}/fpm/php.ini"
+
+# Check if php.ini exists for the selected version
+if [[ ! -f "$php_ini_path" ]]; then
+    echo "The php.ini file for the selected PHP version ($php_version) does not exist."
+    exit 1
+fi
+
+# Determine the text editor to use
+if command -v mcedit >/dev/null 2>&1; then
+    editor_cmd="mcedit"
+elif command -v nano >/dev/null 2>&1; then
+    editor_cmd="nano"
+else
+    echo "No supported text editor found. Please install 'mcedit' or 'nano'."
+    exit 1
+fi
+
+# Open php.ini for the chosen PHP version in the selected editor
+echo "Opening $php_ini_path in editor $editor_cmd..."
+$editor_cmd "$php_ini_path"
+
+# Restart the PHP-FPM service for the selected version
+echo "Restarting the PHP-FPM service for PHP version $php_version..."
+systemctl restart php${php_version}-fpm
+if [ $? -ne 0 ]; then
+    systemctl status php${php_version}-fpm
+    echo "========================="
+    echo ""
+    echo "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!"
+    echo ""
+    exit $E_RESTART;
+else
+    echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully."
+fi
+
+#----------------------------------------------------------#
+#                       Exit                               #
+#----------------------------------------------------------#
+
+exit 0;
--- a/bin/v-fix-php-ini-disable-functions
+++ b/bin/v-fix-php-ini-disable-functions
@ -0,0 +1,35 @@
+#!/bin/bash
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1;
+fi
+
+if [ -f "/tmp/patched" ]; then rm /tmp/patched; fi;
+
+echo "=== Fixing php.ini files to have the correct disable_functions line"
+
+export NOTFOUNDVAL="exec,system,passthru,shell_exec"
+export LINEBEGINSWITH="disable_functions ="
+export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen"
+
+find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Fixing existing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _
+
+export NOTFOUNDVAL2="^$LINEBEGINSWITH"
+export REMOVELINETHATCONTAINS=$LINEBEGINSWITH
+
+find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Adding missing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _
+
+if [ -f "/tmp/patched" ]; then
+    rm /tmp/patched
+
+    echo "== Restarting all PHP-FPM services"
+    systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart
+
+    echo "=== Everything done."
+else
+    echo "=== Everything is already correct."
+fi
+
+exit 0;
--- a/bin/v-fix-user-permissions
+++ b/bin/v-fix-user-permissions
@ -44,7 +44,7 @@ find /home/$user/mail/*/ -type d -exec chmod u+rwx {} \;
 find /home/$user/mail/*/ -type d -exec chmod g+rwx {} \;
 find /home/$user/mail/*/ -type f -exec chmod u+rw {} \;
 find /home/$user/mail/*/ -type f -exec chmod g+rw {} \;
-
+find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \;

 find /home/$user/conf/dns/ -type f -exec chown root:bind {} \;
 find /home/$user/conf/ -type d -exec chown root:root {} \;
@ -52,6 +52,7 @@ find /home/$user/conf/ -type d -exec chown root:root {} \;
 find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} +
 find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} +
 find /home/$user/web/*/public_html/ -exec chown $user:$user {} \;
+find /home/$user/web/*/ -name "*.php" -type f -exec chmod 600 {} +

 echo "Done, permissions fixed for user: $user"

--- a/bin/v-fix-website-permissions
+++ b/bin/v-fix-website-permissions
@ -0,0 +1,88 @@
+#!/bin/bash
+# info: Fixing chown and chmod permissions in the public_html directory
+# options: DOMAIN 
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+# Check if number of arguments is 2
+if [ $# -eq 2 ]; then
+    user=$2
+else
+    user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+fi
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Domain doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Going to domain directory
+cd /home/$USER/web/$domain
+
+# Ownership check
+if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then
+    owner=$(stat -c '%U' "public_html/index.php")
+    if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then
+        echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)"
+        exit 1
+    fi
+fi
+
+
+echo "Updating permissions for /home/$USER/web/$domain/public_html/"
+find public_html/ -type d -exec chmod 755 {} +
+find public_html/ -type f -exec chmod 644 {} +
+chown -R $USER:$USER public_html/
+
+# Setting chmod 600 for all php files
+echo "= Setting chmod 600 for all php files"
+find -name "*.php" -type f -exec chmod 600 {} +
+find -name ".env" -type f -exec chmod 600 {} +
+find -name "*.php" -type f -exec chown $USER:$USER {} +
+find -name ".env" -type f -exec chown $USER:$USER {} +
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+echo "Permissions for $domain have been successfully updated."
+
+exit 0
--- a/bin/v-fix-website-permissions-for-all-websites
+++ b/bin/v-fix-website-permissions-for-all-websites
@ -0,0 +1,41 @@
+#!/bin/bash
+# info: fix website permissions for all websites
+# options:
+#
+# The command is used for fixing website permissions for all websites on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        /usr/local/vesta/bin/v-fix-website-permissions $domain $user
+        echo "--------------------------------"
+    done
+
+done
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-fix-wordpress-core
+++ b/bin/v-fix-wordpress-core
@ -0,0 +1,110 @@
+#!/bin/bash
+# info: fix compromised wp-admin and wp-includes
+# options: DOMAIN [CACHE_DIR]
+#
+# Replaces wp-admin and wp-includes with clean copies that match
+# the WordPress core version detected on the site.
+#
+# Example:
+#   v-fix-wp-core example.com
+#   v-fix-wp-core example.com /srv/wp-cache
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+# Arguments
+DOMAIN="$1"
+CACHE_DIR="${2-/srv/wp-cache}"       # default cache location
+
+QUARANTINE_DIR="/srv/wp-quarantine"
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+check_args '1' "$#" 'DOMAIN [CACHE_DIR]'
+is_format_valid 'domain'
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)"  # temp workspace
+trap 'rm -rf "$TMP_DIR"' EXIT
+
+# 1etermine WP version
+WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')"
+check_result $? "cannot detect WP version" > /dev/null
+if [ -z "$WP_VERSION" ]; then
+    check_result 1 "empty WP version string"
+fi
+echo "Detected WordPress version $WP_VERSION"
+
+# 2ind site owner and path
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+check_result $? "cannot find domain owner" > /dev/null
+SITE_PATH="/home/$USER/web/$DOMAIN/public_html"
+if [ ! -d "$SITE_PATH" ]; then
+    check_result 1 "site path $SITE_PATH does not exist"
+fi
+
+# ensure cached core is present
+CACHE_PATH="$CACHE_DIR/$WP_VERSION"
+if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then
+    echo "Cache for $WP_VERSION missing, downloading ZIP..."
+
+    mkdir -p "$CACHE_PATH"
+    ZIP_URL="https://wordpress.org/wordpress-${WP_VERSION}.zip"
+    ZIP_FILE="$TMP_DIR/wp.zip"
+
+    curl -fSL "$ZIP_URL" -o "$ZIP_FILE"
+    check_result $? "download failed" > /dev/null
+
+    unzip -q "$ZIP_FILE" -d "$TMP_DIR"
+    check_result $? "unzip failed" > /dev/null
+
+    mv "$TMP_DIR/wordpress/wp-admin"    "$CACHE_PATH/"
+    mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/"
+    cp "$TMP_DIR/wordpress"/*.php "$CACHE_PATH/"
+fi
+
+# backup current core folders
+TIMESTAMP="$(date +%Y%m%d%H%M%S)"
+BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/backup-core-$TIMESTAMP"
+mkdir -p "$BACKUP_DIR"
+mv "$SITE_PATH/wp-admin"    "$BACKUP_DIR/"
+mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/"
+
+for f in "$SITE_PATH"/*.php; do
+    [[ $(basename "$f") == "wp-config.php" ]] && continue
+    mv "$f" "$BACKUP_DIR/"
+done
+if [ -f "$SITE_PATH/.user.ini" ]; then
+    mv "$SITE_PATH/.user.ini" "$BACKUP_DIR/"
+fi
+
+# chown -R www-data:www-data "$BACKUP_DIR"
+check_result $? "backup failed" > /dev/null
+echo "Old core folders moved to $BACKUP_DIR"
+
+# deploy clean core
+rsync -a --delete "$CACHE_PATH/wp-admin/"    "$SITE_PATH/wp-admin/"
+rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/"
+check_result $? "rsync failed" > /dev/null
+
+for corephp in "$CACHE_PATH"/*.php; do
+    base=$(basename "$corephp")
+    [ "$base" = "wp-config.php" ] && continue
+    rsync -a "$corephp" "$SITE_PATH/$base"
+done
+
+# fix permissions
+SKIP_OWNERSHIP_CHECK=1 /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN
+# chown -R www-data:www-data "$BACKUP_DIR"
+
+echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN"
+exit
--- a/bin/v-get-dns-config
+++ b/bin/v-get-dns-config
@ -0,0 +1,70 @@
+#!/bin/bash
+# info: Get domain DNS config.db file content
+# options: DOMAIN 
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    # echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    # echo "Domain doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+DNS_FILE="/home/$user/conf/dns/$domain.db"
+
+if [ -f "$DNS_FILE" ]; then
+    cat "$DNS_FILE"
+else
+    echo "DNS configuration file for $domain does not exist."
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit 0;
--- a/bin/v-get-wp-cli
+++ b/bin/v-get-wp-cli
@ -0,0 +1,44 @@
+#!/bin/bash
+# info: Download WP CLI
+# options: NONE
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+if [ ! -f "/usr/local/bin/composer" ]; then
+    echo "= Composer is not installed. Installing..."
+    php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+    php composer-setup.php --install-dir=/usr/local/bin --filename=composer
+    php -r "unlink('composer-setup.php');"
+    echo "= Composer installed successfully."
+fi
+
+if [ -d "/usr/local/bin/wp-cli" ]; then
+    echo "= Removing old WP CLI..."
+    rm -rf /usr/local/bin/wp-cli
+fi
+
+cd /usr/local/bin
+git clone https://github.com/wp-cli/wp-cli.git
+
+chown -R www-data:www-data wp-cli
+
+cd wp-cli/
+sudo -H -u www-data composer install
+
+# Fix terminal columns issue for WP CLI
+/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php'
+
+echo "= WP CLI installed successfully."
+
+exit 0;
--- a/bin/v-grep
+++ b/bin/v-grep
@ -9,13 +9,19 @@
 #----------------------------------------------------------#


-if [ -p /dev/stdin ]; then
+if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then
    STDIN=$(cat -)
    if [ ! -z "$STDIN" ]; then
-        echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@"
+        shift;
+        echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@"
        exit $?
    fi
 fi

-php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@"
+if [ "$1" == "--stdin" ]; then
+    shift;
+    php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@"
+else
+    php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@"
+fi
 exit $?
--- a/bin/v-import-cpanel-backup
+++ b/bin/v-import-cpanel-backup
@ -157,9 +157,15 @@ for sk_dbr in $sk_db_list
 			echo " Create and restore ${sk_dbr} "
 			sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create
 			sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create
+			if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.create; then
+				v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create
+			fi
 			mysql < mysql/${sk_dbr}.create
 			sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql
 			sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql
+			if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.sql; then
+				v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql
+			fi
 			mysql ${sk_dbr} < mysql/${sk_dbr}.sql
 		else
 			echo "Error: Cant restore database $sk_dbr alredy exists in mysql server"
@ -272,23 +278,24 @@ if [[ "$sk_maild" != "cur" && "$sk_maild" != "new" && "$sk_maild" != "tmp"  ]];
    if [ -d "$sk_maild" ]; then
        for sk_mail_account in $(ls $sk_maild/)
        do
-					
            echo "Create and restore mail account: $sk_mail_account@$sk_maild"
            sk_mail_pass1=$(generate_password)        
            /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1
            mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild}
            chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild}
            find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete
-					# echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1"	>> /root/sk_mail_password_${sk_cp_user}-${sk_cod}
+            if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then
                echo "Set password for ${sk_mail_account}@${sk_maild}"
                pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F  ":" '{print $2}')
                newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0"
                newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'"
-					# echo $newline
                escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g')
                escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g')
                sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd
                sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf
+            else
+                echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1"    >> /root/sk_mail_password_${sk_cp_user}-${sk_cod}
+            fi
        done
    fi
 #else
@ -367,7 +374,9 @@ tput setaf 4
 echo "##############################"
 echo "cPanel Backup restored"
 echo "Review your content and report any fail"
-# echo "I reset mail password not posible restore it yet."
-# echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}"
+if [ -f "/root/sk_mail_password_${sk_cp_user}-${sk_cod}" ]; then
+    echo "I reset mail password not posible restore it yet."
+    echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}"
+fi
 echo "##############################"
 tput sgr0
--- a/bin/v-install-unsigned-ssl
+++ b/bin/v-install-unsigned-ssl
@ -52,6 +52,12 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#

+if [ -f "/home/$user/conf/web/ssl.$domain.crt" ]; then
+    /usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain"
+fi
+
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+
 email="info@$domain"

 TMPLOC="/home/$user/tmp/$domain"
@ -62,8 +68,13 @@ mkdir $TMPLOC

 # Parsing certificate file
 crt_end=$(grep -n "END CERTIFICATE-" $TMPLOC/vst.pem |cut -f 1 -d:)
-key_start=$(grep -n "BEGIN RSA" $TMPLOC/vst.pem |cut -f 1 -d:)
-key_end=$(grep -n  "END RSA" $TMPLOC/vst.pem |cut -f 1 -d:)
+if [ "$release" -lt 12 ]; then
+    key_start=$(grep -n "BEGIN RSA" $TMPLOC/vst.pem |cut -f 1 -d:)
+    key_end=$(grep -n  "END RSA" $TMPLOC/vst.pem |cut -f 1 -d:)
+else
+    key_start=$(grep -n "BEGIN PRIVATE KEY" $TMPLOC/vst.pem |cut -f 1 -d:)
+    key_end=$(grep -n  "END PRIVATE KEY" $TMPLOC/vst.pem |cut -f 1 -d:)
+fi

 # Adding SSL certificate
 cd $TMPLOC
--- a/bin/v-install-wordpress
+++ b/bin/v-install-wordpress
@ -95,21 +95,37 @@ PASSWDDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
 #                       Action                             #
 #----------------------------------------------------------#

-PROTOCOL='http'
-if [ -z "$SKIP_LE" ]; then
-    if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then
+PROTOCOL='https'
+
+if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then
+    echo "== Trying to install LetsEncrypt for domain $domain"
    /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes"
-    fi
-else
-    PROTOCOL='https'
 fi

-if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then
-    PROTOCOL='https'
-    if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ]; then
+if [ ! -z "$FORCE_HTTP" ]; then
+    # Switch to http:// only if --FORCE_HTTP parameter is set
+    echo "== Force http://"
+    PROTOCOL='http'
+fi
+
+TPL_CHANGED=0;
+
+if [ "$PROTOCOL" = "https" ]; then
+    if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then
+        TPL_CHANGED=1;
+        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl  "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
+    fi
+    if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then
+        TPL_CHANGED=1;
        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl  "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
    fi
 fi
+if [ "$PROTOCOL" = "http" ]; then
+    if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then
+        TPL_CHANGED=1;
+        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl  "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
+    fi
+fi

 /usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql"

@ -135,11 +151,11 @@ sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user="
 mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';"

 echo "================================================================="
-echo "Installation is complete. Your username/password is listed below."
+echo "Your WordPress installation is complete."
 echo ""
-echo "Site: $PROTOCOL://$domain/"
+echo "Website URL: $PROTOCOL://$domain/"
 echo ""
-echo "Login: $PROTOCOL://$domain/wp-admin/"
+echo "WordPress admin login: $PROTOCOL://$domain/wp-admin/"
 echo "Username: $wpadmin"
 echo "Password: $password"
 echo ""
--- a/bin/v-list-php
+++ b/bin/v-list-php
@ -0,0 +1,76 @@
+#!/bin/bash
+# info: list of installed php versions
+# options: [FORMAT]
+#
+# The function for obtaining the list of installed PHP versions.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+    counter=$(echo "$phpversions" | wc -l)
+    i=1
+    echo '['
+    for phpversion in $phpversions; do
+        if [ "$i" -lt "$counter" ]; then
+            echo -e  "\t\"$phpversion\","
+        else
+            echo -e  "\t\"$phpversion\""
+        fi
+        (( ++i))
+    done
+    echo "]"
+}
+
+# shell list function
+shell_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+# PLAIN list function
+plain_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+# CSV list function
+csv_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Obtaining the list of installed PHP-FPM versions
+phpversions=$(find /etc/php/ -type d -name 'fpm' | sed "s|/etc/php/||" | sed "s|/fpm||" | sort)
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit
--- a/bin/v-list-php-apache
+++ b/bin/v-list-php-apache
@ -0,0 +1,91 @@
+#!/bin/bash
+# info: list of installed php versions that have Apache template.
+# options: [FORMAT]
+#
+# The function obtains the list of installed PHP versions that have Apache template.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+    counter=$(echo "$phpversions" | wc -l)
+    i=1
+    echo '['
+    for phpversion in $phpversions; do
+        if [ "$i" -lt "$counter" ]; then
+            echo -e  "\t\"$phpversion\","
+        else
+            echo -e  "\t\"$phpversion\""
+        fi
+        (( ++i))
+    done
+    echo "]"
+}
+
+# shell list function
+shell_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+# PLAIN list function
+plain_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+# CSV list function
+csv_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+echo_phpversions_list() {
+    for element in "${phpversions_list[@]}"; do
+        echo "$element"
+    done
+}
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Obtaining the list of installed PHP-FPM versions
+fpmphpversions=$(/usr/local/vesta/bin/v-list-php)
+
+for phpversion in $fpmphpversions; do
+    phpversiontpl=${phpversion//./}
+    tpl="/usr/local/vesta/data/templates/web/apache2/PHP-FPM-$phpversiontpl.tpl"
+    if [ -f "$tpl" ]; then
+        phpversions_list+=("$phpversion")
+    fi
+done
+
+phpversions=$(echo_phpversions_list)
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit
--- a/bin/v-list-sys-config
+++ b/bin/v-list-sys-config
@ -54,7 +54,8 @@ json_list() {
        "SOFTACULOUS": "'$SOFTACULOUS'",
        "MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'",
        "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
-        "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
+        "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'",
+        "DISABLE_IP_CHECK": "'$DISABLE_IP_CHECK'"
    }
 }'
 }
--- a/bin/v-list-sys-services
+++ b/bin/v-list-sys-services
@ -297,7 +297,11 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then
        if [ "$service" = 'mysql' ]; then
            proc_name='mysqld'
            release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
-            if [ "$release" -eq 11 ] && [ ! -f "/etc/apt/sources.list.d/mysql.list" ]; then
+            if [ "$release" -gt 10 ] && [ ! -f "/etc/apt/sources.list.d/mysql.list" ]; then
+                service='mariadb'
+                proc_name='mariadbd'
+            fi
+            if [ -f "/etc/apt/sources.list.d/mariadb.list" ]; then
                service='mariadb'
                proc_name='mariadbd'
            fi
--- a/bin/v-make-main-apache-log
+++ b/bin/v-make-main-apache-log
@ -0,0 +1,14 @@
+#!/bin/bash
+
+touch /var/log/apache2/time.log
+# truncate -s 0 /var/log/apache2/time.log
+chmod 0640 /var/log/apache2/time.log
+chown root:adm /var/log/apache2/time.log
+find /home/*/conf/web/ -type f \( -name "apache2.conf" -or -name "sapache2.conf" -or -name "*.apache2.conf" -or -name "*.apache2.ssl.conf" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n    ServerName |g'
+find /usr/local/vesta/data/templates/web/apache2 -type f \( -name "*.tpl" -or -name "*.stpl" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n    ServerName |g'
+if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i\"" time' '/etc/apache2/apache2.conf' '-q'; then
+    sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\" pid=%P" time|g' /etc/apache2/apache2.conf
+fi
+systemctl restart apache2
+
+wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic.php -O /root/analyze-traffic.php
--- a/bin/v-make-separated-ip-for-email
+++ b/bin/v-make-separated-ip-for-email
@ -1,4 +1,4 @@
-#!/bin/bash
+ #!/bin/bash

 # info: add new ip and makes email to be sent via that IP only for SMTP authenticated users
 # options: MAIL_HOSTNAME MAIL_IP
@ -138,7 +138,18 @@ check_grep=$(grep -c 'smtp_active_hostname' /etc/exim4/exim4.conf.template)
 if [ "$check_grep" -eq 0 ]; then
    echo "=== patching exim4.conf.template"
    mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup
-    cp /usr/local/vesta/install/debian/11/exim/exim4.conf.template-RC /etc/exim4/exim4.conf.template
+    cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template
+
+    eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}')
+    if (( $(echo "$eximversion < 4.96" | bc -l) )); then
+        cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template
+        sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template
+    fi
+
+    if (( $(echo "$eximversion < 4.94" | bc -l) )); then
+        sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template
+    fi
+
    sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template
    sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template
    sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template
@ -148,6 +159,8 @@ if [ "$check_grep" -eq 0 ]; then
    sed -i "s|#smtp_banner|smtp_banner|g" /etc/exim4/exim4.conf.template
    sed -i "s|#interface =|interface =|g" /etc/exim4/exim4.conf.template
    sed -i "s|#helo_data =|helo_data =|g" /etc/exim4/exim4.conf.template
+    /usr/local/vesta/bin/v-sed 'tls_certificate = /usr/local/vesta/ssl/certificate.crt' 'tls_certificate = /usr/local/vesta/ssl/$received_ip_address.crt' '/etc/exim4/exim4.conf.template'
+    /usr/local/vesta/bin/v-sed 'tls_privatekey = /usr/local/vesta/ssl/certificate.key' 'tls_privatekey = /usr/local/vesta/ssl/$received_ip_address.key' '/etc/exim4/exim4.conf.template'
    touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
    touch /etc/exim4/limit_per_email_account_max_recipients
    touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
@ -166,9 +179,10 @@ if [ "$check_grep" -eq 0 ]; then
    fi
    systemctl restart exim4
    if [ $? -ne 0 ]; then
+        systemctl status exim4
        cp /etc/exim4/exim4.conf.template-backup /etc/exim4/exim4.conf.template
        systemctl restart exim4
-        echo "=== Patching failed, aborting"
+        echo "=== Patching failed, old exim conf returned, exim4 restarted again."
        exit 1
    fi
    echo "=== Patching successful"
--- a/bin/v-migrate-site-to-https
+++ b/bin/v-migrate-site-to-https
@ -94,6 +94,8 @@ if [ "$DB_EXISTS" = "no" ]; then
    exit 6
 fi

+phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$FROM_DOMAIN")
+
 # ----------- CHECK -------------

 FROM_REPLACE1="http://$FROM_DOMAIN"
@ -102,13 +104,13 @@ FROM_REPLACE2="http://www.$FROM_DOMAIN"
 TO_REPLACE2="https://www.$FROM_DOMAIN"

 if [ $IT_IS_WP -eq 0 ]; then
-    if [ ! -f "/root/Search-Replace-DB-master/srdb.cli.php" ]; then
-        echo "Please download https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ and extract to /root/Search-Replace-DB-master/"
-        exit 7
+    if [ ! -f "/root/Search-Replace-DB/srdb.cli.php" ]; then
+        if [ ! -f "/usr/bin/git" ]; then
+            apt-get update > /dev/null 2>&1
+            apt-get -y install git > /dev/null 2>&1
        fi
-    if [ ! -f "/usr/bin/php7.0" ]; then
-        echo "Please download https://c.myvestacp.com/tools/multi-php-install.sh and install php 7.0"
-        exit 8
+        cd /root
+        git clone https://github.com/interconnectit/Search-Replace-DB.git
    fi
 else
    if [ ! -f "/usr/local/bin/wp" ]; then
@ -164,15 +166,15 @@ grep -rl "$FROM_DOMAIN" $SITE_FOLDER | xargs sed -i "s#$FROM_REPLACE2#$TO_REPLAC

 if [ $IT_IS_WP -eq 0 ]; then
    echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME"
-    php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1"
+    php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1"
    echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME"
-    php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2"
+    php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2"
 else
    cd $SITE_FOLDER
    echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME"
-    sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid
+    sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
    echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME"
-    sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid
+    sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
 fi

 echo "===== DONE ===="
--- a/bin/v-move-domain-and-database-to-account
+++ b/bin/v-move-domain-and-database-to-account
@ -40,6 +40,10 @@ if [ "$owner" = "$user" ]; then
    exit
 fi

+USER_DATA=$VESTA/data/users/$owner
+is_object_unsuspended 'user' 'USER' "$owner"
+USER_DATA=$VESTA/data/users/$user
+
 USER_TO=$user

 #----------------------------------------------------------#
@ -84,6 +88,56 @@ if [ $? -ne 0 ]; then
    RET=$E_NOTEXIST
 fi

+#----------------------------------------------------------#
+#               Update Wordfence WAF Path                  #
+#----------------------------------------------------------#
+
+filepath="/home/USER_TO/web/$domain/public_html/.user.ini"
+filename=$(basename $filepath)
+
+# Check if file exists
+if [ -f "$filepath" ]; then
+    echo "Updating $filename with new user path..."
+    
+    # Temporary file for modification
+    tmp_file=$(mktemp)
+    
+    # Change path from old USER to new USER_TO
+    sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file"
+    
+    # Check if replacement was successful and update file
+    if [ $? -eq 0 ]; then
+        mv "$tmp_file" "$filepath"
+        echo "$filename updated successfully."
+    else
+        echo "Failed to update $filename file."
+        rm "$tmp_file"  # Deletes temporary file
+    fi
+fi
+
+filepath="/home/USER_TO/web/$domain/public_html/wordfence-waf.php"
+filename=$(basename $filepath)
+
+# Check if file exists
+if [ -f "$filepath" ]; then
+    echo "Updating $filename with new user path..."
+    
+    # Temporary file for modification
+    tmp_file=$(mktemp)
+    
+    # Change path from old USER to new USER_TO
+    sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file"
+    
+    # Check if replacement was successful and update file
+    if [ $? -eq 0 ]; then
+        mv "$tmp_file" "$filepath"
+        echo "$filename updated successfully."
+    else
+        echo "Failed to update $filename file."
+        rm "$tmp_file"  # Deletes temporary file
+    fi
+fi
+
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
--- a/bin/v-move-folder-and-make-symlink
+++ b/bin/v-move-folder-and-make-symlink
@ -19,6 +19,8 @@ fi
 FROMFOLDER=$1
 TOFOLDER=$2

+echo "Executing: v-move-folder-and-make-symlink $1 $2"
+
 # Includes
 source $VESTA/func/main.sh

@ -26,6 +28,16 @@ source $VESTA/func/main.sh
 #                    Verifications                         #
 #----------------------------------------------------------#

+if [ -z "$FROMFOLDER" ]; then
+    echo "First parameter is empty, aborting"
+    exit 1
+fi
+
+if [ -z "$TOFOLDER" ]; then
+    echo "Second parameter is empty, aborting"
+    exit 1
+fi
+
 # Trimming the ending slash, just in case
 FROMFOLDER=$(echo "$FROMFOLDER" | sed 's:/*$::')
 TOFOLDER=$(echo "$TOFOLDER" | sed 's:/*$::')
@ -66,19 +78,21 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#

-rsync -a "$FROMFOLDER/" "$TOFOLDER/"
-# with slashes on the end of the path of both folders
-if [ "$?" -ne 0 ]; then
-    echo "Error happened, aborting"
-    exit 1
-fi
-
 if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then
    # if we are moving myVesta home folder, we must remove immutable attribute from conf/ files
    chattr -R -i "$FROMFOLDER/conf/" > /dev/null 2>&1
    # with slashes on the end of the path of the folder
 fi

+# rsync -a "$FROMFOLDER/" "$TOFOLDER/"
+# with slashes on the end of the path of both folders
+
+mv "$FROMFOLDER" "$TOFOLDER"
+if [ "$?" -ne 0 ]; then
+    echo "Error happened, aborting"
+    exit 1
+fi
+
 rm -rf "$FROMFOLDER"
 # without slash on the end of the path of the folder

--- a/bin/v-php-func
+++ b/bin/v-php-func
@ -9,7 +9,7 @@
 #----------------------------------------------------------#


-if [ -p /dev/stdin ]; then
+if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then
    STDIN=$(cat -)
    if [ ! -z "$STDIN" ]; then
        echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php "$@"
--- a/bin/v-restart-web
+++ b/bin/v-restart-web
@ -64,7 +64,9 @@ fi

 # Resart web system if reload didn't work
 if [ "$rc" -ne 0 ]; then
-    service $WEB_SYSTEM restart >/dev/null 2>&1
+    # service $WEB_SYSTEM restart >/dev/null 2>&1
+    systemctl reset-failed $WEB_SYSTEM
+    systemctl restart $WEB_SYSTEM >/dev/null 2>&1
    if [ $? -ne 0 ]; then
        send_email_report
        check_result $E_RESTART "$WEB_SYSTEM restart failed"
--- a/bin/v-restore-user
+++ b/bin/v-restore-user
@ -417,6 +417,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
        # Restoring web domain data
        chown $user $tmpdir
        chmod u+w $HOMEDIR/$user/web/$domain
+        chmod 0755 $tmpdir/web/$domain
        sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
            -C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \
            2> $HOMEDIR/$user/web/$domain/restore_errors.log
@ -618,6 +619,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
        if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
            chown $user $tmpdir
            chmod u+w $HOMEDIR/$user/mail/$domain_idn
+            chmod 0755 $tmpdir/mail/$domain
            sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
                -C $HOMEDIR/$user/mail/$domain_idn/
            if [ "$?" -ne 0 ]; then
--- a/bin/v-run-wp-cli
+++ b/bin/v-run-wp-cli
@ -0,0 +1,102 @@
+#!/bin/bash
+# info: Run WP CLI command for a specific domain
+# options: DOMAIN WP_CLI_COMMAND
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+wp_command=${@:2} 
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+VERBOSE_MODE=1
+
+check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+
+if [ ! -d "/home/$user" ]; then
+    # echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+    echo 'Please install WordPress first.'
+    exit 1;
+fi
+
+if ! command -v wp &> /dev/null; then
+    echo "WP CLI is not installed. Installing..."
+    wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
+    chmod +x /usr/local/bin/wp
+    echo "WP CLI installed successfully."
+fi
+
+wpcli="/usr/local/bin/wp"
+
+if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then
+    wpcli="/usr/local/bin/wp-cli/php/boot-fs.php"
+    COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}')
+    echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS
+fi
+
+mkdir -p /home/$user/.wp-cli
+chown $user:$user /home/$user/.wp-cli
+
+if [ -z "$PHP" ]; then
+    phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain")
+else
+    phpver=$PHP
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+cd /home/$USER/web/$domain/public_html
+sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log
+
+return_code=$?
+
+if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then
+    rm /usr/local/bin/wp-cli/COLUMNS
+fi
+
+# echo "WP CLI: Done."
+# echo "To see Warning/Error log: "
+# echo "cat /home/$user/web/$domain/wp-cli-error.log"
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit $return_code;
--- a/bin/v-sed
+++ b/bin/v-sed
@ -9,13 +9,19 @@
 #----------------------------------------------------------#


-if [ -p /dev/stdin ]; then
+if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then
    STDIN=$(cat -)
    if [ ! -z "$STDIN" ]; then
-        echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@"
+        shift;
+        echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@"
        exit $?
    fi
 fi

-php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@"
+if [ "$1" == "--stdin" ]; then
+    shift;
+    php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@"
+else
+    php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@"
+fi
 exit $?
--- a/bin/v-suspend-web-domain
+++ b/bin/v-suspend-web-domain
@ -17,6 +17,10 @@ domain=$2
 domain_idn=$2
 restart=$3

+if [ -z "$restart" ]; then
+    restart='yes'
+fi
+
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/func/domain.sh
@ -80,12 +84,14 @@ fi
 update_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED' 'yes'
 increase_user_value "$user" '$SUSPENDED_WEB'

-# Restarting web server
-$BIN/v-restart-web $restart
-check_result $? "Web restart failed" >/dev/null
+if [ "$restart" = "yes" ]; then
+    # Restarting web server
+    $BIN/v-restart-web $restart
+    check_result $? "Web restart failed" >/dev/null
    
-$BIN/v-restart-proxy $restart
-check_result $? "Proxy restart failed" >/dev/null
+    $BIN/v-restart-proxy $restart
+    check_result $? "Proxy restart failed" >/dev/null
+fi

 # Logging
 log_event "$OK" "$ARGUMENTS"
--- a/bin/v-unlock-wordpress
+++ b/bin/v-unlock-wordpress
@ -58,6 +58,8 @@ chown -R $user:$user public_html/

 rm public_html/wp-content/uploads/.htaccess

+/usr/local/vesta/bin/v-fix-website-permissions $domain
+
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
--- a/bin/v-update-document-errors-files
+++ b/bin/v-update-document-errors-files
@ -0,0 +1,48 @@
+#!/bin/bash
+# info: fix website permissions for all websites
+# options:
+#
+# The command is used for fixing website permissions for all websites on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        cp /usr/local/vesta/data/templates/web/skel/document_errors/403.html /home/$user/web/$domain/document_errors/403.html
+        cp /usr/local/vesta/data/templates/web/skel/document_errors/404.html /home/$user/web/$domain/document_errors/404.html
+        cp /usr/local/vesta/data/templates/web/skel/document_errors/50x.html /home/$user/web/$domain/document_errors/50x.html
+        sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/403.html
+        sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/404.html
+        sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/50x.html
+        chown $user:$user /home/$user/web/$domain/document_errors/*
+        chmod 644 /home/$user/web/$domain/document_errors/*
+    done
+
+done
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-update-firewall
+++ b/bin/v-update-firewall
@ -67,7 +67,7 @@ echo "$iptables -P INPUT ACCEPT" >> $tmp
 echo "$iptables -F INPUT" >> $tmp

 # Enabling stateful support
-if [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then
+if [ "$FIREWALL_STATEFUL" == "yes" ] || [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then
    str="$iptables -A INPUT -m state"
    str="$str --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$str" >> $tmp
@ -164,12 +164,12 @@ if [ ! -z "$FIREWALL_EXTENSION" ]; then
 fi

 # Saving rules to the master iptables file
-if [ -d "/etc/sysconfig" ]; then
-    /sbin/iptables-save > /etc/sysconfig/iptables
-    if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
-        /sbin/chkconfig iptables on
-    fi
-else
+# if [ -d "/etc/sysconfig" ]; then
+#     /sbin/iptables-save > /etc/sysconfig/iptables
+#     if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
+#         /sbin/chkconfig iptables on
+#     fi
+# else
    /sbin/iptables-save > /etc/iptables.rules
    preup="/etc/network/if-pre-up.d/iptables"
    if [ ! -e "$preup" ]; then
@ -178,7 +178,7 @@ else
        echo "exit 0" >> $preup
        chmod +x $preup
    fi
-fi
+# fi

 # Worarkound for OpenVZ
 if [ -e "/proc/vz/veinfo" ]; then
--- a/bin/v-update-mail-domain-disk
+++ b/bin/v-update-mail-domain-disk
@ -49,7 +49,8 @@ dom_diks=0
 for account in $(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT'); do
    home_dir=$HOMEDIR/$user/mail/$domain/$account
    if [ -e "$home_dir" ]; then
-        udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 )
+        cd $home_dir
+        udisk=$(nice -n 19 du -shm ./ | cut -f 1 )
    else
        udisk=0
    fi
--- a/bin/v-update-mail-domains-disk
+++ b/bin/v-update-mail-domains-disk
@ -35,13 +35,14 @@ fi
 #----------------------------------------------------------#

 # Starting loop
-for domain in $(search_objects 'mail' 'SUSPENDED' "no" 'DOMAIN'); do
+for domain in $(list_objects 'mail' 'DOMAIN'); do
    dom_diks=0
-    accounts=$(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT')
+    accounts=$(list_objects "mail/$domain" 'ACCOUNT')
    for account in $accounts; do
        home_dir=$HOMEDIR/$user/mail/$domain/$account
        if [ -e "$home_dir" ]; then
-            udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 )
+            cd $home_dir
+            udisk=$(nice -n 19 du -shm ./ | cut -f 1 )
        else
            udisk=0
        fi
--- a/bin/v-update-web-domain-disk
+++ b/bin/v-update-web-domain-disk
@ -50,6 +50,14 @@ if [ -e "$home_dir" ]; then
    disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 )
 fi

+# Defining hdd home directory
+home_dir="/hdd$HOMEDIR/$user/web/$domain/"
+
+# Checking home directory exist
+if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then
+    disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 )
+    disk_usage=$(( disk_usage + disk_usage2 ))
+fi

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-update-web-domains-disk
+++ b/bin/v-update-web-domains-disk
@ -32,11 +32,16 @@ is_object_valid 'user' 'USER' "$user"
 #----------------------------------------------------------#

 # Domain loop
-for domain in $(search_objects 'web' 'SUSPENDED' "no" 'DOMAIN'); do
+for domain in $(list_objects 'web' 'DOMAIN'); do
    home_dir="$HOMEDIR/$user/web/$domain/"
    if [ -e "$home_dir" ]; then
        disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 )
    fi
+    home_dir="/hdd$HOMEDIR/$user/web/$domain/"
+    if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then
+        disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 )
+        disk_usage=$(( disk_usage + disk_usage2 ))
+    fi
    update_object_value 'web' 'DOMAIN' "$domain" '$U_DISK' "$disk_usage"
 done

--- a/bin/v-whitelist-email-account
+++ b/bin/v-whitelist-email-account
@ -0,0 +1,119 @@
+#!/bin/bash
+# info: Add a specific email address to SpamAssassin whitelist
+# usage: v-whitelist-email-account EMAIL
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if an entry already exists in a file
+check_entry_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "$entry" "$file"
+}
+
+# Function to check if a domain/email is already blacklisted
+check_blacklisted() {
+    local pattern=$1
+    local file=$2
+    grep -qE "blacklist_from.*${pattern}" "$file"
+}
+
+# Function to add an entry to a file
+add_entry_to_file() {
+    local entry=$1
+    local file=$2
+    echo "$entry" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 1 ]; then
+    echo "Usage: v-whitelist-email-account EMAIL"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+EMAIL=$1
+
+# Validate email format
+if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+    echo "Invalid email address format."
+    exit 1
+fi
+
+# Extract the domain from the email address
+DOMAIN=$(echo "$EMAIL" | awk -F '@' '{print $2}')
+
+# Prepare entries for SpamAssassin
+WHITELIST_ENTRY="whitelist_from $EMAIL"
+BLACKLIST_ENTRY_MAIN="*@${DOMAIN}"
+BLACKLIST_ENTRY_SUB="*.$DOMAIN"
+
+#----------------------------------------------------------#
+#                SpamAssassin Whitelist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+
+# Check if the email address or its domain is already blacklisted
+if check_blacklisted "$EMAIL" "$SPAMASSASSIN_FILE"; then
+    echo "Cannot whitelist $EMAIL. It is already blacklisted."
+    exit 1
+fi
+
+if check_blacklisted "$BLACKLIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then
+    echo "Cannot whitelist $EMAIL. The domain $DOMAIN is already blacklisted."
+    exit 1
+fi
+
+if check_blacklisted "$BLACKLIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then
+    echo "Cannot whitelist $EMAIL. The subdomain of $DOMAIN is already blacklisted."
+    exit 1
+fi
+
+# Add the email to whitelist if not already present
+if ! check_entry_exists "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"; then
+    add_entry_to_file "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"
+    echo "Added $WHITELIST_ENTRY to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "$WHITELIST_ENTRY already exists in $SPAMASSASSIN_FILE."
+fi
+
+# Restart SpamAssassin only if changes were made
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0
--- a/bin/v-whitelist-email-domain
+++ b/bin/v-whitelist-email-domain
@ -0,0 +1,119 @@
+#!/bin/bash
+# info: Add a domain to SpamAssassin whitelist
+# usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if a SpamAssassin whitelist entry already exists
+check_whitelist_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "whitelist_from $entry" "$file"
+}
+
+# Function to check if a domain/email is already blacklisted
+check_blacklist_exists() {
+    local domain=$1
+    local file=$2
+    grep -qE "blacklist_from.*${domain}$" "$file"
+}
+
+# Function to add whitelist entry to file
+add_whitelist_to_file() {
+    local entry=$1
+    local file=$2
+    echo "whitelist_from $entry" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 2 ]; then
+    echo "Usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+DOMAIN=$1
+SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO)
+
+# Validate SUBDOMAIN parameter
+if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then
+    echo "Invalid parameter for SUBDOMAIN. Use YES or NO."
+    exit 1
+fi
+
+# Prepare entries for SpamAssassin
+WHITELIST_ENTRY_MAIN="*@${DOMAIN}"
+WHITELIST_ENTRY_SUB="*.$DOMAIN"
+BLACKLIST_ENTRY_MAIN="*@${DOMAIN}"
+BLACKLIST_ENTRY_SUB="*.$DOMAIN"
+
+#----------------------------------------------------------#
+#                SpamAssassin Whitelist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+
+# Check if the domain is already blacklisted
+if check_blacklist_exists "$DOMAIN" "$SPAMASSASSIN_FILE"; then
+    echo "Cannot whitelist $DOMAIN. It is already blacklisted."
+    exit 1
+fi
+
+# Add the main entry
+if ! check_whitelist_exists "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then
+    add_whitelist_to_file "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"
+    echo "Added whitelist_from $WHITELIST_ENTRY_MAIN to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "whitelist_from $WHITELIST_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE."
+fi
+
+# Add the subdomain entry if needed
+if [ "$SUBDOMAIN" == "YES" ]; then
+    if ! check_whitelist_exists "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then
+        add_whitelist_to_file "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"
+        echo "Added whitelist_from $WHITELIST_ENTRY_SUB to $SPAMASSASSIN_FILE."
+        SPAMASSASSIN_CHANGED=true
+    else
+        echo "whitelist_from $WHITELIST_ENTRY_SUB already exists in $SPAMASSASSIN_FILE."
+    fi
+fi
+
+# Restart SpamAssassin only if changes were made
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0
--- a/func/bash-to-php-interpreter.php
+++ b/func/bash-to-php-interpreter.php
@ -7,13 +7,22 @@ else $SHLVL=3;

 if (!isset($argv)) exit(5);

-stream_set_blocking(STDIN, false);
-$myvesta_stdin='';
-$myvesta_f = fopen( 'php://stdin', 'r' );
-while( $myvesta_line = fgets( $myvesta_f ) ) {
-    $myvesta_stdin .= $myvesta_line;
+$argv_start=1;
+$STDIN_ENABLED=false;
+if ($argv[1]=='--stdin') {
+    $STDIN_ENABLED=true;
+    $argv_start++;
+}
+
+$myvesta_stdin='';
+if ($STDIN_ENABLED==true) {
+    stream_set_blocking(STDIN, false);
+    $myvesta_f = fopen( 'php://stdin', 'r' );
+    while( $myvesta_line = fgets( $myvesta_f ) ) {
+        $myvesta_stdin .= $myvesta_line;
+    }
+    fclose( $myvesta_f );
 }
-fclose( $myvesta_f );

 include ("/usr/local/vesta/func/main.php");
 include ("/usr/local/vesta/func/string.php");
@ -21,9 +30,9 @@ include ("/usr/local/vesta/func/string.php");
 $counter=count($argv);
 if ($counter<2) myvesta_throw_error(2, 'Function is missing');

-$func=$argv[1];
+$func=$argv[$argv_start];
 if (!function_exists($func)) {
-    $func="myvesta_".$argv[1];    
+    $func="myvesta_".$argv[$argv_start];    
    if (!function_exists($func)) myvesta_throw_error(2, 'Function does not exists');
 }

@ -36,10 +45,12 @@ $params=array();
 $added=0;
 $stdin_content='';
 $myvesta_stdin_from_file='';
- $myvesta_stdin_return_not_found=false;
+$myvesta_stdin_return_not_found=false;
 if ($myvesta_stdin!='' && $insert_stdin_at_position===false) {$params[]=$myvesta_stdin; $added++;}

-for ($i=2; $i<$counter; $i++) {
+$argv_start++;
+
+for ($i=$argv_start; $i<$counter; $i++) {
    $argv[$i]=myvesta_fix_backslashes($argv[$i]);
    //if ($insert_stdin_at_position!==false && $myvesta_stdin=='') if ($insert_stdin_at_position==$added) {$stdin_content=$argv[$i]; $added++; continue;}
    $params[]=$argv[$i];
@ -48,7 +59,7 @@ for ($i=2; $i<$counter; $i++) {
 //print_r($params); exit;

 if ($insert_stdin_at_position!=false) {
-    if ($myvesta_stdin=='') {
+    if ($myvesta_stdin=='' && isset($params[$insert_stdin_at_position])) {
        $file_or_stdin=$params[$insert_stdin_at_position];
        if (!file_exists($file_or_stdin)) {
            $myvesta_stdin_return_not_found=true;
--- a/func/db.sh
+++ b/func/db.sh
@ -29,6 +29,9 @@ mysql_connect() {
    mysql --defaults-file=$mycnf -e 'SELECT VERSION()' > $mysql_out 2>&1
    if [ '0' -ne "$?" ]; then
        if [ "$notify" != 'no' ]; then
+            subj="Error: Connection to $HOST failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
            echo -e "Can't connect to MySQL $HOST\n$(cat $mysql_out)" |\
                $SENDMAIL -s "$subj" $email
        fi
@ -55,10 +58,13 @@ mysql_query() {

 mysql_dump() {
    err="/tmp/e.mysql"
-    mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err
+    mysqldump --defaults-file=$mycnf --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB -r $1 $2 2> $err
    if [ '0' -ne "$?" ]; then
        rm -rf $tmpdir
        if [ "$notify" != 'no' ]; then
+            subj="Error: dump $database failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
            echo -e "Can't dump database $database\n$(cat $err)" |\
                $SENDMAIL -s "$subj" $email
        fi
@ -82,6 +88,9 @@ psql_connect() {
    psql -h $HOST -U $USER -c "SELECT VERSION()" > /dev/null 2>/tmp/e.psql
    if [ '0' -ne "$?" ]; then
        if [ "$notify" != 'no' ]; then
+            subj="Error: Connection to $HOST failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
            echo -e "Can't connect to PostgreSQL $HOST\n$(cat /tmp/e.psql)" |\
                $SENDMAIL -s "$subj" $email
        fi
@ -103,6 +112,9 @@ psql_dump() {
    if [ '0' -ne "$?" ]; then
        rm -rf $tmpdir
        if [ "$notify" != 'no' ]; then
+            subj="Error: dump $database failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+            
            echo -e "Can't dump database $database\n$(cat /tmp/e.psql)" |\
                $SENDMAIL -s "$subj" $email
        fi
--- a/func/main.php
+++ b/func/main.php
@ -53,6 +53,7 @@ function myvesta_check_args ($requried_arguments, $arguments) {
    $argument_counter=count($argv);
    $argument_counter--;
    $argv[0]=str_replace('/usr/local/vesta/bin/', '', $argv[0]);
+    $command=$argv[0];
    // myvesta_echo ( "-------------------- ".$argv[0]." --------------------\n");
    if ($argument_counter<$requried_arguments) {
        $arguments=str_replace(" ", "' '", $arguments);
--- a/func/main.sh
+++ b/func/main.sh
@ -254,6 +254,9 @@ is_object_unsuspended() {
        spnd=$(grep "$2='$3'" $USER_DATA/$1.conf |grep "SUSPENDED='yes'")
    fi
    if [ ! -z "$spnd" ]; then
+        if [ ! -z "$VERBOSE_MODE" ]; then
+            echo "Error: $(basename $1) $3 is suspended"
+        fi
        check_result $E_SUSPENDED "$(basename $1) $3 is suspended"
    fi
 }
@ -359,6 +362,17 @@ search_objects() {
    IFS="$OLD_IFS"
 }

+# List objects
+list_objects() {
+    OLD_IFS="$IFS"
+    IFS=$'\n'
+    for line in $(cat $USER_DATA/$1.conf); do
+        eval $line
+        eval echo \$$2
+    done
+    IFS="$OLD_IFS"
+}
+
 # Get user value
 get_user_value() {
    grep "^${1//$/}=" $USER_DATA/user.conf |awk -F "'" '{print $2}'
@ -1143,3 +1157,82 @@ check_if_service_exists() {
        echo "0"
    fi
 }
+
+# Parsing config variables with key='value' and key="value" pairs and setting them as variables, without using Perl.
+# Inspired by HestiaCP function and improved
+parse_object_kv_list_non_eval() {
+    # Let's combine all the parameters into one string, replace the new lines with a space
+    local str="${*//$'\n'/ }"
+    str=${str//\\\'/---QUOTE---}
+    str=${str//\\\"/---DQUOTE---}
+    local backup_str=$str
+
+    local key val match i length length_val prefix position cut
+    i=0
+    # Searching for key='value' blocks
+    # Loop until we find the next key='value'
+    while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\'([^\']*)\' ]]; do
+        key="${BASH_REMATCH[1]}"
+        val="${BASH_REMATCH[2]}"
+        match="${BASH_REMATCH[0]}"
+        length=${#match}
+        length_val=${#match}
+
+        # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number)
+        if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then
+            check_result "$E_INVALID" "Invalid key format [$key]"
+        fi
+
+        # Declaring a global variable
+        val=${val/---QUOTE---/\\\'}
+        val=${val/---DQUOTE---/\\\"}
+        declare -g "$key"="$val"
+
+        # Let's remove the processed part from str to continue
+        prefix=${str%%"$key="*}
+        position=${#prefix}
+        cut=$((position + 1 + length_val))
+        str=${str:cut}
+        ((i++))
+        if [ $i -eq 100 ]; then
+            check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected"
+        fi
+    done
+
+    # Terminate function if we don't expect strings with double apostrophes
+    if [ -z "$PARSE_DOUBLE_QUOTES_VAR" ]; then
+        return;
+    fi
+
+    # Searching for key="value" blocks
+    str=$backup_str
+    i=0
+    # Loop until we find the next key="value"
+    while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\"([^\"]*)\" ]]; do
+        key="${BASH_REMATCH[1]}"
+        val="${BASH_REMATCH[2]}"
+        match="${BASH_REMATCH[0]}"
+        length=${#match}
+        length_val=${#match}
+
+        # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number)
+        if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then
+            check_result "$E_INVALID" "Invalid key format [$key]"
+        fi
+
+        # Declaring a global variable
+        val=${val/---QUOTE---/\\\'}
+        val=${val/---DQUOTE---/\\\"}
+        declare -g "$key"="$val"
+
+        # Let's remove the processed part from str to continue
+        prefix=${str%%"$key="*}
+        position=${#prefix}
+        cut=$((position + 1 + length_val))
+        str=${str:cut}
+        ((i++))
+        if [ $i -eq 100 ]; then
+            check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected"
+        fi
+    done
+}
--- a/func/rebuild.sh
+++ b/func/rebuild.sh
@ -610,6 +610,9 @@ rebuild_pgsql_database() {
    if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ] || [ -z $TPL ]; then
        echo "Error: postgresql config parsing failed"
        if [ ! -z "$SENDMAIL" ]; then
+            subj="Error: postgresql config parsing failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
            echo "Can't parse PostgreSQL config" | $SENDMAIL -s "$subj" $email
        fi
        log_event "$E_PARSING" "$ARGUMENTS"
@ -621,6 +624,9 @@ rebuild_pgsql_database() {
    if [ '0' -ne "$?" ];  then
        echo "Error: Connection failed"
        if [ ! -z "$SENDMAIL" ]; then
+            subj="Error: Connection failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
            echo "Database connection to PostgreSQL host $HOST failed" |\
                $SENDMAIL -s "$subj" $email
        fi
--- a/install/debian/10/exim/dnsbl.conf
+++ b/install/debian/10/exim/dnsbl.conf
@ -1,2 +1 @@
 bl.spamcop.net
-zen.spamhaus.org
--- a/install/debian/10/templates/web/awstats/awstats.tpl
+++ b/install/debian/10/templates/web/awstats/awstats.tpl
@ -24,7 +24,7 @@ PurgeLogFile=0
 ArchiveLogRecords=0
 KeepBackupOfHistoricFiles=1
 DefaultFile="index.php index.html"
-SkipHosts="127.0.0.1
+SkipHosts="127.0.0.1"
 SkipUserAgents=""
 SkipFiles=""
 SkipReferrersBlackList=""
--- a/install/debian/11/exim/dnsbl.conf
+++ b/install/debian/11/exim/dnsbl.conf
@ -1,2 +1 @@
 bl.spamcop.net
-zen.spamhaus.org
--- a/install/debian/11/exim/exim4.conf.template
+++ b/install/debian/11/exim/exim4.conf.template
@ -322,7 +322,7 @@ remote_smtp:
  dkim_private_key = DKIM_PRIVATE_KEY
  dkim_canon = relaxed
  dkim_strict = 0
-  hosts_try_fastopen = !*.l.google.com
+  hosts_try_fastopen = 
  hosts_try_chunking = !93.188.3.0/24

 procmail:
--- a/install/debian/11/exim/exim4.conf.template-RC
+++ b/install/debian/11/exim/exim4.conf.template-RC
@ -145,7 +145,7 @@ acl_check_rcpt:
  
  warn    !authenticated = *
          hosts          = !+relay_from_hosts
-          condition     = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}}
+          condition     = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}
          set acl_m3    = yes

  deny    message       = Restricted characters in address
@ -353,7 +353,7 @@ remote_smtp:
  dkim_private_key = DKIM_PRIVATE_KEY
  dkim_canon = relaxed
  dkim_strict = 0
-  hosts_try_fastopen = !*.l.google.com
+  hosts_try_fastopen = 
  hosts_try_chunking = !93.188.3.0/24

 procmail:
--- a/install/debian/11/templates/web/awstats/awstats.tpl
+++ b/install/debian/11/templates/web/awstats/awstats.tpl
@ -24,7 +24,7 @@ PurgeLogFile=0
 ArchiveLogRecords=0
 KeepBackupOfHistoricFiles=1
 DefaultFile="index.php index.html"
-SkipHosts="127.0.0.1
+SkipHosts="127.0.0.1"
 SkipUserAgents=""
 SkipFiles=""
 SkipReferrersBlackList=""
--- a/install/debian/12/apache2/apache2.conf
+++ b/install/debian/12/apache2/apache2.conf
@ -0,0 +1,95 @@
+# It is split into several files forming the configuration hierarchy outlined
+# below, all located in the /etc/apache2/ directory:
+#
+#	/etc/apache2/
+#	|-- apache2.conf
+#	|	`--  ports.conf
+#	|-- mods-enabled
+#	|	|-- *.load
+#	|	`-- *.conf
+#	|-- conf.d
+#	|	`-- *
+
+# Global configuration
+PidFile ${APACHE_PID_FILE}
+Timeout 900
+ProxyTimeout 900
+KeepAlive Off
+MaxKeepAliveRequests 100
+KeepAliveTimeout 10
+
+<IfModule mpm_prefork_module>
+    StartServers          8
+    MinSpareServers       5
+    MaxSpareServers      20
+    ServerLimit         256
+    MaxClients          200
+    MaxRequestsPerChild 4000
+</IfModule>
+
+<IfModule mpm_worker_module>
+    StartServers          2
+    MinSpareThreads      25
+    MaxSpareThreads      75 
+    ThreadLimit          64
+    ThreadsPerChild      25
+    MaxClients          200
+    MaxRequestsPerChild 4000
+</IfModule>
+
+<IfModule mpm_event_module>
+    StartServers          2
+    MinSpareThreads      25
+    MaxSpareThreads      75 
+    ThreadLimit          64
+    ThreadsPerChild      25
+    MaxClients          200
+    MaxRequestsPerChild 4000
+</IfModule>
+
+# These need to be set in /etc/apache2/envvars
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+#User www-data
+#Group www-data
+
+AccessFileName .htaccess
+
+<Files ~ "^\.ht">
+    Order allow,deny
+    Deny from all
+    Satisfy all
+</Files>
+
+DefaultType None
+HostnameLookups Off
+
+ErrorLog ${APACHE_LOG_DIR}/error.log
+LogLevel warn
+
+# Include module configuration:
+Include mods-enabled/*.load
+Include mods-enabled/*.conf
+
+# Include list of ports to listen on and which to use for name based vhosts
+Include ports.conf
+
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+LogFormat "%b" bytes
+
+Include conf.d/
+
+# Include the virtual host configurations:
+#Include sites-enabled/
+
+ErrorDocument 403 /error/403.html
+ErrorDocument 404 /error/404.html
+ErrorDocument 500 /error/50x.html
+ErrorDocument 501 /error/50x.html
+ErrorDocument 502 /error/50x.html
+ErrorDocument 503 /error/50x.html
+ErrorDocument 506 /error/50x.html
--- a/install/debian/12/apache2/status.conf
+++ b/install/debian/12/apache2/status.conf
@ -0,0 +1,8 @@
+Listen 127.0.0.1:8081
+<Location /server-status>
+    SetHandler server-status
+    Order deny,allow
+    Deny from all
+    Allow from 127.0.0.1
+    # Allow from all
+</Location>
--- a/install/debian/12/bind/named.conf
+++ b/install/debian/12/bind/named.conf
@ -0,0 +1,12 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
+
--- a/install/debian/12/clamav/clamd.conf
+++ b/install/debian/12/clamav/clamd.conf
@ -0,0 +1,61 @@
+#Automatically Generated by clamav-base postinst
+#To reconfigure clamd run #dpkg-reconfigure clamav-base
+#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
+LocalSocket /var/run/clamav/clamd.ctl
+FixStaleSocket true
+LocalSocketGroup clamav
+LocalSocketMode 666
+# TemporaryDirectory is not set to its default /tmp here to make overriding
+# the default with environment variables TMPDIR/TMP/TEMP possible
+User clamav
+# AllowSupplementaryGroups true
+ScanMail true
+ScanArchive true
+ArchiveBlockEncrypted false
+MaxDirectoryRecursion 15
+FollowDirectorySymlinks false
+FollowFileSymlinks false
+ReadTimeout 180
+MaxThreads 12
+MaxConnectionQueueLength 15
+LogSyslog false
+LogFacility LOG_LOCAL6
+LogClean true
+LogVerbose true
+PidFile /var/run/clamav/clamd.pid
+DatabaseDirectory /var/lib/clamav
+SelfCheck 3600
+Foreground false
+Debug false
+ScanPE true
+ScanOLE2 true
+ScanHTML true
+ExitOnOOM false
+LeaveTemporaryFiles false
+AlgorithmicDetection true
+ScanELF true
+IdleTimeout 30
+PhishingSignatures true
+PhishingScanURLs true
+PhishingAlwaysBlockSSLMismatch false
+PhishingAlwaysBlockCloak false
+DetectPUA false
+ScanPartialMessages false
+HeuristicScanPrecedence false
+StructuredDataDetection false
+CommandReadTimeout 5
+SendBufTimeout 200
+MaxQueue 100
+ExtendedDetectionInfo true
+OLE2BlockMacros false
+StreamMaxLength 2M
+MaxFileSize 2M
+LogFile /var/log/clamav/clamav.log
+LogTime true
+LogFileUnlock false
+LogFileMaxSize 0
+Bytecode true
+BytecodeSecurity TrustSigned
+BytecodeTimeout 60000
+OfficialDatabaseOnly false
+CrossFilesystems true
--- a/install/debian/12/deb_signing.key
+++ b/install/debian/12/deb_signing.key
@ -0,0 +1,41 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6
+sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ
+RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj
+4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O
+JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT
+kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq
+aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR
+leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e
++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j
+b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI
+BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5
+HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy
+UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3
+olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY
+lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6
+bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+
+DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo
+znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93
+3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG
+rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/
+USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71
+mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G
+EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm
+0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg
+coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy
+fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr
+7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA
+EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ
+EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof
+lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3
+m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G
+fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ
+hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2
+N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx
+JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA
+zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da
+qiC8NLvRaE3PVkma9Q==
+=RAbI
+-----END PGP PUBLIC KEY BLOCK-----
--- a/install/debian/12/dovecot/conf.d/10-auth.conf
+++ b/install/debian/12/dovecot/conf.d/10-auth.conf
@ -0,0 +1,4 @@
+disable_plaintext_auth = no
+auth_verbose = yes
+auth_mechanisms = plain login
+!include auth-passwdfile.conf.ext
--- a/install/debian/12/dovecot/conf.d/10-logging.conf
+++ b/install/debian/12/dovecot/conf.d/10-logging.conf
@ -0,0 +1 @@
+log_path = /var/log/dovecot.log
--- a/install/debian/12/dovecot/conf.d/10-mail.conf
+++ b/install/debian/12/dovecot/conf.d/10-mail.conf
@ -0,0 +1,4 @@
+mail_privileged_group = mail
+mail_access_groups = mail
+mail_location = maildir:%h/mail/%d/%n
+pop3_uidl_format = %08Xu%08Xv
--- a/install/debian/12/dovecot/conf.d/10-master.conf
+++ b/install/debian/12/dovecot/conf.d/10-master.conf
@ -0,0 +1,29 @@
+service imap-login {
+  inet_listener imap {
+  }
+  inet_listener imaps {
+  }
+}
+
+service pop3-login {
+  inet_listener pop3 {
+  }
+  inet_listener pop3s {
+  }
+}
+
+
+service imap {
+}
+
+service pop3 {
+}
+
+service auth {
+  unix_listener auth-client {
+    group = mail
+    mode = 0660
+    user = dovecot
+  }
+  user = dovecot
+}
--- a/install/debian/12/dovecot/conf.d/10-ssl.conf
+++ b/install/debian/12/dovecot/conf.d/10-ssl.conf
@ -0,0 +1,3 @@
+ssl = yes
+ssl_cert = </usr/local/vesta/ssl/certificate.crt
+ssl_key = </usr/local/vesta/ssl/certificate.key
--- a/install/debian/12/dovecot/conf.d/15-mailboxes.conf
+++ b/install/debian/12/dovecot/conf.d/15-mailboxes.conf
@ -0,0 +1,30 @@
+## Mailbox definitions
+##
+
+
+# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
+namespace inbox {
+  inbox = yes
+  mailbox Drafts {
+    special_use = \Drafts
+    auto = subscribe
+  }
+
+  mailbox Junk {
+    special_use = \Junk
+    auto = subscribe
+  }
+
+  mailbox Trash {
+    special_use = \Trash
+    auto = subscribe
+  }
+
+  mailbox Sent {
+    special_use = \Sent
+    auto = subscribe
+  }
+  mailbox "Sent Messages" {
+    special_use = \Sent
+  }
+}
--- a/install/debian/12/dovecot/conf.d/20-imap.conf
+++ b/install/debian/12/dovecot/conf.d/20-imap.conf
@ -0,0 +1,58 @@
+##
+## IMAP specific settings
+##
+
+protocol imap {
+  # Maximum IMAP command line length. Some clients generate very long command
+  # lines with huge mailboxes, so you may need to raise this if you get
+  # "Too long argument" or "IMAP command line too large" errors often.
+  #imap_max_line_length = 64k
+
+  # Maximum number of IMAP connections allowed for a user from each IP address.
+  # NOTE: The username is compared case-sensitively.
+  mail_max_userip_connections = 50
+
+  # Space separated list of plugins to load (default is global mail_plugins).
+  #mail_plugins = $mail_plugins
+
+  # IMAP logout format string:
+  #  %i - total number of bytes read from client
+  #  %o - total number of bytes sent to client
+  #imap_logout_format = bytes=%i/%o
+
+  # Override the IMAP CAPABILITY response. If the value begins with '+',
+  # add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
+  #imap_capability = 
+
+  # How long to wait between "OK Still here" notifications when client is
+  # IDLEing.
+  #imap_idle_notify_interval = 2 mins
+
+  # ID field names and values to send to clients. Using * as the value makes
+  # Dovecot use the default value. The following fields have default values
+  # currently: name, version, os, os-version, support-url, support-email.
+  #imap_id_send = 
+
+  # ID fields sent by client to log. * means everything.
+  #imap_id_log =
+
+  # Workarounds for various client bugs:
+  #   delay-newmail:
+  #     Send EXISTS/RECENT new mail notifications only when replying to NOOP
+  #     and CHECK commands. Some clients ignore them otherwise, for example OSX
+  #     Mail (<v2.1). Outlook Express breaks more badly though, without this it
+  #     may show user "Message no longer in server" errors. Note that OE6 still
+  #     breaks even with this workaround if synchronization is set to
+  #     "Headers Only".
+  #   tb-extra-mailbox-sep:
+  #     Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
+  #     adds extra '/' suffixes to mailbox names. This option causes Dovecot to
+  #     ignore the extra '/' instead of treating it as invalid mailbox name.
+  #   tb-lsub-flags:
+  #     Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
+  #     This makes Thunderbird realize they aren't selectable and show them
+  #     greyed out, instead of only later giving "not selectable" popup error.
+  #
+  # The list is space-separated.
+  #imap_client_workarounds = 
+}
--- a/install/debian/12/dovecot/conf.d/20-pop3.conf
+++ b/install/debian/12/dovecot/conf.d/20-pop3.conf
@ -0,0 +1,91 @@
+##
+## POP3 specific settings
+##
+
+protocol pop3 {
+  # Don't try to set mails non-recent or seen with POP3 sessions. This is
+  # mostly intended to reduce disk I/O. With maildir it doesn't move files
+  # from new/ to cur/, with mbox it doesn't write Status-header.
+  #pop3_no_flag_updates = no
+
+  # Support LAST command which exists in old POP3 specs, but has been removed
+  # from new ones. Some clients still wish to use this though. Enabling this
+  # makes RSET command clear all \Seen flags from messages.
+  #pop3_enable_last = no
+
+  # If mail has X-UIDL header, use it as the mail's UIDL.
+  #pop3_reuse_xuidl = no
+
+  # Keep the mailbox locked for the entire POP3 session.
+  #pop3_lock_session = no
+
+  # POP3 requires message sizes to be listed as if they had CR+LF linefeeds.
+  # Many POP3 servers violate this by returning the sizes with LF linefeeds,
+  # because it's faster to get. When this setting is enabled, Dovecot still
+  # tries to do the right thing first, but if that requires opening the
+  # message, it fallbacks to the easier (but incorrect) size.
+  #pop3_fast_size_lookups = no
+
+  # POP3 UIDL (unique mail identifier) format to use. You can use following
+  # variables, along with the variable modifiers described in
+  # doc/wiki/Variables.txt (e.g. %Uf for the filename in uppercase)
+  #
+  #  %v - Mailbox's IMAP UIDVALIDITY
+  #  %u - Mail's IMAP UID
+  #  %m - MD5 sum of the mailbox headers in hex (mbox only)
+  #  %f - filename (maildir only)
+  #  %g - Mail's GUID
+  #
+  # If you want UIDL compatibility with other POP3 servers, use:
+  #  UW's ipop3d         : %08Xv%08Xu
+  #  Courier             : %f or %v-%u (both might be used simultaneosly)
+  #  Cyrus (<= 2.1.3)    : %u
+  #  Cyrus (>= 2.1.4)    : %v.%u
+  #  Dovecot v0.99.x     : %v.%u
+  #  tpop3d              : %Mf
+  #
+  # Note that Outlook 2003 seems to have problems with %v.%u format which was
+  # Dovecot's default, so if you're building a new server it would be a good
+  # idea to change this. %08Xu%08Xv should be pretty fail-safe.
+  #
+  #pop3_uidl_format = %08Xu%08Xv
+
+  # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
+  # won't change those UIDLs. Currently this works only with Maildir.
+  #pop3_save_uidl = no
+
+  # What to do about duplicate UIDLs if they exist?
+  #   allow: Show duplicates to clients.
+  #   rename: Append a temporary -2, -3, etc. counter after the UIDL.
+  #pop3_uidl_duplicates = allow
+
+  # POP3 logout format string:
+  #  %i - total number of bytes read from client
+  #  %o - total number of bytes sent to client
+  #  %t - number of TOP commands
+  #  %p - number of bytes sent to client as a result of TOP command
+  #  %r - number of RETR commands
+  #  %b - number of bytes sent to client as a result of RETR command
+  #  %d - number of deleted messages
+  #  %m - number of messages (before deletion)
+  #  %s - mailbox size in bytes (before deletion)
+  #  %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
+  #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
+
+  # Maximum number of POP3 connections allowed for a user from each IP address.
+  # NOTE: The username is compared case-sensitively.
+  mail_max_userip_connections = 50
+
+  # Space separated list of plugins to load (default is global mail_plugins).
+  #mail_plugins = $mail_plugins
+
+  # Workarounds for various client bugs:
+  #   outlook-no-nuls:
+  #     Outlook and Outlook Express hang if mails contain NUL characters.
+  #     This setting replaces them with 0x80 character.
+  #   oe-ns-eoh:
+  #     Outlook Express and Netscape Mail breaks if end of headers-line is
+  #     missing. This option simply sends it if it's missing.
+  # The list is space-separated.
+  #pop3_client_workarounds = 
+}
--- a/install/debian/12/dovecot/conf.d/auth-passwdfile.conf.ext
+++ b/install/debian/12/dovecot/conf.d/auth-passwdfile.conf.ext
@ -0,0 +1,9 @@
+passdb {
+  driver = passwd-file
+  args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd
+}
+
+userdb {
+  driver = passwd-file
+  args = username_format=%n /etc/exim4/domains/%d/passwd
+}
--- a/install/debian/12/dovecot/dovecot.conf
+++ b/install/debian/12/dovecot/dovecot.conf
@ -0,0 +1,4 @@
+protocols = imap pop3
+listen = *, ::
+base_dir = /var/run/dovecot/
+!include conf.d/*.conf
--- a/Show more
+++ b/Show more