The best cPanel / WHM plugin list


Whenever you’re installing a new cPanel server, it is very irresponsible to run it just as it is. There is much work to do after the installation. The biggest part of the maintenance works and administrative tasks are being done by installing cPanel/WHM plugins to will help in completing these tasks better and faster.

As a result of years of experience with Linux/cPanel servers, we decided to share our thoughts in this blog. And we would like to dedicate the first post to recommendations of our favorite cPanel/WHM plugins. These help you to configure your server properly and to improve the performance and capabilities.

The list is based on our own experience with each plugin.


The list of recommended cPanel/WHM plugin

    • Clean Backups
      cPanels backup script allows avoiding removal of backups for terminated accounts, saving these backups on the backup drive up to removal by the administrator.



    • ConfigServer Explorer (cse)
      The plugin provides you with a full featured File system explorer and a Virtual Console to use within your web browser in WHM.


    • ConfigServer Mail Manage (cmm)
      The plugin provides you with an interface for the cPanel user email accounts configuration, without having to perform a login to their accounts.




    • ConfigServer eXploit Scanner (cxs)
      The plugin provides a full protection from exploitation by scanning files each time they’re uploaded to the server, including the following scenarios: 

          • Actively on all file uploads within user accounts using the cxs Watch daemon regardless of how they were uploaded
          • PHP upload scripts (via a mod_security or suhosin hook)
          • Perl upload scripts (via a mod_security hook)
          • CGI upload scripts (via a mod_security hook)
          • Any other web script type that utilizes the HTML form ENCTYPE multipart/form-data (via a mod_security hook)
          • Pure-ftpd



        • ClamAV Scanner
          Clam Antivirus (ClamAV) is an antivirus software toolkit for Linux servers. It gives you the ability to allow your customers to perform scans of spyware or viruses in their hosting package. How To : Install ClamAV on cPanel


        • Domains Statistics 
          This plugin gives you the ability to get organized information about the domains that are hosted on your server.


        • Remote MX Wizard
          This plugin was developed for web hosting companies, webmasters and website developers that have to setup domains with remote MX records in the everyday work..



        • Restore Manager Recommended!!!
          This plugin allows cPanel users to easily self restore individual database and domain files directly from the server backup folders, without downloading the whole account backup.


        • Nginx Admin 
          This plugin Nginx Admin is a cPanel Nginx integration plugin. This plugin will increase your server performance and decrease server loads cased by apache.


Secure your cPanel server


After the initial setup of cPanel server the server is not very secure and there are many things that can be done to secure your server.

In this tutorial we will go over some steps that include few software installation and web server security settings modification.

The collection of these easy steps is a results of years of experience in maintenance and management of linux servers.


1) Updates & Installation

Update cPanel to the latest version from the WHM interface:

Navigate to: Home » cPanel » Upgrade to Latest Version

Next, install the Apache mod_security with EasyApache:

Navigate to: Home » Software » EasyApache (Apache Update)

On step 4 check the “Mod Security” option and click the “Save and Build” button.

Next, login to the cPanel server as root via SSH and run OS update, then install some softwares from ConfigServer:

yum update -y

tar -xzf csf.tgz
cd csf/
cd ..
rm -Rfv csf/ csf.tgz

tar -xzf cmc.tgz
cd cmc/
cd ..
rm -Rfv cmc/ cmc.tgz


2) Use The Security Advisors

If your cPanel version is 11.42+ and CSF is installed on your server there is two Security Advisors on your server that will check the security level of your server and will suggest recommendations on how fix the security issues.

For cPanel Security Advisor navigate to:

Home » Security Center » Security Advisor

For ConfigServer Firewall Security Advisor navigate to:

Home » Plugins » ConfigServer Security & Firewall » Check Server Security

* Follow all the recommendations and make the necessary changes to fix your server security issues.

We recommend to run the Security Advisors at least once a month.


3) Web Server Security & Firewall (ModSecurity)

Our choice for Mod Security rules is the Comodo Web Application Firewall (CWAF) agent. The cPanel\WHM plugin automate the installation & configuration of CWAF on the server and the deployment of periodically published predefined firewall rules set updates.

1) To get access to Comodo Mod Security rules and CWAF free sign up is needed:

2) To download the comodo client agent login to the web administration console and click the “Download latest installer” link (top right of the screen) “”.

3) Copy the agent setup file to a local directory in the server E.g. /root

4) Run the installation script as root via SSH:

bash /root/

Follow the instructions in the setup wizard!

Next edit mod_security conf file and include the CWAF Rules.

vi /usr/local/apache/conf/modsec2.conf

And add this line:

Include "/var/cpanel/cwaf/etc/cwaf.conf"

The file should look like this:

LoadFile /opt/xml2/lib/ 
# LoadFile /opt/lua/lib/ 
LoadModule security2_module  modules/ 
<IfModule mod_security2.c> 
SecRuleEngine On 
SecTmpDir /tmp 
SecDataDir /tmp 
SecRequestBodyAccess On 
SecAuditEngine RelevantOnly 
SecPcreMatchLimitRecursion 250000 
SecDebugLog logs/modsec_debug_log 
SecPcreMatchLimit 250000 
SecAuditLog logs/modsec_audit.log 
SecDebugLogLevel 0 
Include "/var/cpanel/cwaf/etc/cwaf.conf" 

5) Now login to WHM as root and navigate to:

Home » Plugins » Comodo WAF

At the “Main” tab you can run updates if needed,

At the “Catalog” tab you can set or unset rules for all vhosts or for a singel domain.

6) Restart Apache

service httpd restart

7) Set new Apache configuration:

Home » Service Configuration » Apache Configuration » Global Configuration

Change to:

SSL Cipher Suite = (PCI recommended)

Trace Enable = Off

Server Signature = Off

Server Tokens = ProductOnly

File ETag = None

Then clicking on “Save”

8) Set new PHP configuration:

Home » Service Configuration » PHP Configuration Editor

Select the “Advanced Mode” and set the following settings:

allow_url_fopen = off

expose_php = Off

enable_dl= Off

register_globals = off

display_errors = off

disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open, eval, symlink, link, readlink, dl, escapeshellarg, escapeshellcmd, ini_restore, apache_get_modules, ini_get_all, get_cfg_var

9) Restart Apache

service httpd restart

 10) Enable failure detection of repeated Apache mod_security rule triggers

Navigate to:

Home » Plugins » ConfigServer Security & Firewall » Firewall Configuration

And set the number of failures between 3 and 5 by changing the value:





4) Tweaks

1) Install and config “tmpwatch”

yum install tmpwatch

Edit the tmpwatch cron file:

vi /etc/cron.daily/tmpwatch

The file should look like this:

#! /bin/sh
/usr/sbin/tmpwatch "$flags" -x /tmp/.X11-unix -x /tmp/.XIM-unix \
	-x /tmp/.font-unix -x /tmp/.ICE-unix -x /tmp/.Test-unix \
	-X '/tmp/hsperfdata_*' -m 24 /tmp
/usr/sbin/tmpwatch "$flags" -m 12 /var/tmp
for d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/cat?}; do
    if [ -d "$d" ]; then
	/usr/sbin/tmpwatch "$flags" -mf 12 "$d"

2) Disable Compilers for all accounts from:

Home » Security Center » Compiler Access

3) Disable Anonymous FTP & Logins with root

Home » Service Configuration » FTP Server Configuration



5) eXploit Scanner

The eXploit Scanner is the best tool out there for detecting malicious code on the server and for real time detection while files are uploaded to the server.

eXploit Scanner detecting malicious code uploaded real time and deny the upload and blocks the IP address from which the file is upload.

1) Install ClamAV:

Home » cPanel » Manage Plugins

 Select “clamavconnector” and Seve.

2) The “eXploit Scanner” is not free, but worth every cent. Buy license at:

3) Once you received the confirmation email of the activation of the license you can start the installation of the eXploit Scanner plugin:

tar -xzf cxsinstaller.tgz
rm -fv cxsinstaller.*

mkdir -m 1777 /usr/suspicious_files
touch /var/log/cxs.log
chmod 0666 /var/log/cxs.log

cp /etc/cxs/cxs.defaults.example /etc/cxs/cxs.defaults
cp /etc/cxs/cxs.ignore.example /etc/cxs/cxs.ignore
cp /etc/cxs/cxs.xtra.example /etc/cxs/cxs.xtra
chmod 644 /etc/cxs/cxs.xtra /etc/cxs/cxs.defaults /etc/cxs/cxs.ignore
chmod 755 /etc/cxs/ /etc/cxs/

4) Enable the pure-ftp upload script:

vi /etc/pure-ftpd.conf

And change the “CallUploadScript” value

# CallUploadScript yes

CallUploadScript yes

Next, restart the pure-uploadscript daemon:

/etc/init.d/pure-uploadscript restart

5) Edit the config files and comment any exiting line with # in this files:

Edit file:

vi /etc/cxs/


/usr/sbin/cxs -Z --cgi --block --smtp --mail root --delete --qoptions Mexv -I /etc/cxs/cxs.ignore --xtra /etc/cxs/cxs.xtra "$1"

Edit file:

vi /etc/cxs/

And set the line:

/usr/sbin/cxs -Z --ftp --block --smtp --mail root --delete --qoptions Mexv -I /etc/cxs/cxs.ignore --xtra /etc/cxs/cxs.xtra "$1"

Edit file:

vi /etc/cxs/

And set the line:

/usr/sbin/cxs --Wstart --allusers --www --block --smtp --mail root --quarantine /usr/suspicious_files --qoptions Mexv --xtra /etc/cxs/cxs.xtra --Wmaxchild 5 --Wloglevel 0 --Wsleep 3 --filemax 0 --Wrateignore 300


6) Create Cron jobs via the UI from:

Home » Plugins » ConfigServer eXploit Scanner

Click on “Edit Cron Jobs” and add the command:

/usr/sbin/cxs --mail root --exp --vir -I /etc/cxs/cxs.ignore -X /etc/cxs/cxs.xtra -Q /usr/suspicious_files --options mMOLfSGchexdnwWZDRPu --qoptions Mexv -Z --sum -S 1000000 -F 10000 -C /var/clamd -T 2 --MD5 -B --allusers

Add the auto update cron command:

/usr/sbin/cxs --upgrade --quiet

Create the cxs suspicious files folder:

mkdir /usr/suspicious_files


* Enable detection of repeated cxs and mod_security rules trigger. This option will block the user IP address if cxs or ModSecurity triger is detected.

Navigate to:

Home » Plugins » ConfigServer Security & Firewall » Firewall Configuration

And set: LF_CXS = 1

* The files “/etc/cxs/cxs.ignore” and “/etc/cxs/cxs.xtra” are used to include or exclude files from scanning by the file name, regular expression match or md5sum match.

For more information go to:


Finally we finished securing your server!





* Know that security is not optimization. It will take more resources from the server!

* This guide is not a complete solution for server security. Only the main first steps in the process of securing your server are covered!



Problem adding addon domain in cpanel


I have installed cpanel on centos and changed my domain name server to ns2, ns3. I am able to go to my main domain and every thing works fine with it, but when I try addind an addon domain it gives the following domain Using nameservers with the following IPs:,, Sorry, the domain is already pointed to an IP address that does not appear to use DNS servers associated with this server. Please transfer the domain to this servers nameservers or have your administrator add one of its nameservers to /etc/ips.remotedns and make the proper A entries on that remote nameserver.

For the first issue, if you could enable these in WHM > Tweak Settings, then you should no longer receive the error message of “Sorry, the domain is already pointed to an IP address that does not appear to use DNS servers associated with this server. Please transfer the domain to this servers nameservers or have your administrator add one of its nameservers to /etc/ips.remotedns and make the proper A entries on that remote nameserver.” any longer:

Allow Remote Domains [?]
Allow creation of parked/addon domains that resolve to other servers (e.g. domain transfers) This can be a major security problem. If you must have it enabled, be sure not to allow users to park common Internet domains.

Allow unregistered domains [?]
Allow creation of parked/addon domains that are not registered.

Simply change both of these options to “On”, and then click the “Save” button in Tweak Settings area.

I will let one of our API specialists handle the API question.


Optimize MySQL & Apache on cPanel/WHM server


On this optimization process we will go over the Apache core configuration and modules that are part of Apache core. We think that with the correct settings of Apache and MySQL you can get excellent results and the correct level of resource use without installing third-party proxy and cache modules. So let’s start,

Apache & PHP

In the first stage we run the Easy Apache and selected the following:

* Apache Version 2.4+

* PHP Version 5.4+

* In step 5 “Exhaustive Options List” select

– Deflate

– Expires

– MPM Prefork

– MPM Worker

After Easy Apache finished go to your WHM » Service Configuration » Apache Configuration » “Global Configuration” and set the values by the level of resources available on your server.

Apache Directive          (From 2GB memory or less and up to 12GB memory)

StartServers               4          8          16
MinSpareServers          4          8          16
MaxSpareServers          8          16          32
ServerLimit               64          128          256
MaxRequestWorkers          50          120          250
MaxConnectionsPerChild          1000          2500          5000
Keep-Alive            On        On        On
Keep-Alive Timeout         5         5          5
Max Keep-Alive Requests        50         120         120
Timeout                30        60        60

Now go to WHM » Service Configuration » Apache Configuration » Include Editor » “Pre VirtualHost Include” and allow users minimal cache and data compression to allow the server to work less for the same things by pasting the code below into the text field.

# Cache Control Settings for one hour cache
<FilesMatch “.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$”>
Header set Cache-Control “max-age=3600, public”

<FilesMatch “.(xml|txt)$”>
Header set Cache-Control “max-age=3600, public, must-revalidate”

<FilesMatch “.(html|htm)$”>
Header set Cache-Control “max-age=3600, must-revalidate”

# Mod Deflate performs data compression
<IfModule mod_deflate.c>
<FilesMatch “.(js|css|html|php|xml|jpg|png|gif)$”>
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE no-gzip

Go to WHM » Service Configuration » “PHP Configuration Editor” and set the parameters according to your needs:

– memory_limit

– max_execution_time

– max_input_time


For MySQL you need to update the configuration file that usually in /etc/my.cnf

Best config base on 1 core & 2GB memory MySQL 5.5:

local-infile = 0
max_connections = 250
key_buffer = 64M
myisam_sort_buffer_size = 64M
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 2M
max_heap_table_size = 16M
table_cache = 5000
thread_cache_size = 286
interactive_timeout = 25
wait_timeout = 7000
connect_timeout = 15
max_allowed_packet = 16M
max_connect_errors = 10
query_cache_limit = 2M
query_cache_size = 32M
query_cache_type = 1
tmp_table_size = 16M


max_allowed_packet = 16M
key_buffer = 64M
sort_buffer = 64M
read_buffer = 16M
write_buffer = 16M

Best config base on 8 core & 12GB memory (Shared server) MySQL 5.5:

max_connections = 600
key_buffer_size = 512M
myisam_sort_buffer_size = 64M
read_buffer_size = 1M
table_open_cache = 5000
thread_cache_size = 384
wait_timeout = 20
connect_timeout = 10
tmp_table_size = 256M
max_heap_table_size = 128M
max_allowed_packet = 64M
net_buffer_length = 16384
max_connect_errors = 10
concurrent_insert = 2
read_rnd_buffer_size = 786432
bulk_insert_buffer_size = 8M
query_cache_limit = 5M
query_cache_size = 128M
query_cache_type = 1
query_prealloc_size = 262144
query_alloc_block_size = 65535
transaction_alloc_block_size = 8192
transaction_prealloc_size = 4096
max_write_lock_count = 8


max_allowed_packet = 16M

key_buffer = 384M
sort_buffer = 384M
read_buffer = 256M
write_buffer = 256M

key_buffer = 384M
sort_buffer = 384M
read_buffer = 256M
write_buffer = 256M

#### Per connection configuration ####
sort_buffer_size = 1M
join_buffer_size = 1M
thread_stack = 192K

Repair & optimize databases then restart MySQL:

mysqlcheck –check –auto-repair –all-databases
mysqlcheck –optimize –all-databases
/etc/init.d/mysql restart

Security & Limit Resources

Install CSF (ConfigServer Security & Firewall) at:

1) Go to WHM » Plugins » ConfigServer Security & Firewall » “Check Server Security” And pass on what appears as required to repair:

2) Go to WHM » Plugins » ConfigServer Security & Firewall » “Firewall Configuration” and set the parameters according to your needs:





Now enjoy your new fast and more effective server.

IPAddress is already an active IP


Sometimes, when something odd happens to your server (most of the time intentionally, though not in an ideal situation) when you go to add an IP address to your server, you’ll see this error:

$IPADDRESS is already an active IP. Skipping $IPADDRESS .. already added !

And then when you check the cPanel logs (because you’re a good admin like that), you’ll see this error:

[2013-10-26 15:21:41 -0500] info [xml-api] $IPADDRESS is already an active IP. [addips] version [1].

Well, when that happens there are a plethera of things to check and correct. Hopefully one of these will fix it for you.


Make sure that the IP address you’re trying to add has been removed from these files:


If you happen to also be trying to add back the IP that was previous the primary IP address, you will also need to update this file:


This one cannot be manually edited, however, because if you leave the extra space at the end of your line, WHM will still choke. These are the steps I would recommend. First, copy mainip to a new file.

cp /var/cpanel/mainip /var/cpanel/

Then, edit /var/cpanel/ to reflect the new IP address.

vi /var/cpanel/

Then cat the new ip into the existing mainip file.

cat /var/cpanel/ |tr -d "\n" |tr -d "\r" > /var/cpanel/mainip

Once all of that is complete, run these commands and you should be able to add the IP address to WHM again.

/etc/init.d/network restart
/etc/init.d/ipaliases restart


Install Nginx admin cPanel plugin


There has been a lot of those guides but here’s another one to the collection with minor improvements.

In this tutorial we will install step by step the Nginx admin cPanel plugin.


Installation for 32Bit\64Bit

Step 1  install Nginx admin

cd /usr/local/src
tar xf nginxadmin.tar
cd publicnginx
./nginxinstaller install


Step 2 restart apache

/etc/init.d/httpd restart


Step 3 automated /tmp cleanup by add a cron job

0 */1 * * * /usr/sbin/tmpwatch -am 1 /tmp/nginx_client



For VPS server with 1 core and 1GB memory, This is usually the default settings in Nginx Admin :

worker_processes  2;
worker_connections 5120; # increase for busier servers
keepalive_timeout  30;


For dedicated server with 4 core and up to 12GB memory:

worker_processes  4;
worker_connections 10240; # increase for busier servers
keepalive_timeout  60;


For suPHP add the lines:

fastcgi_send_timeout 60;
fastcgi_read_timeout 60;
fastcgi_connect_timeout 60;


If you received this error in installation:


Traceback (most recent call last):
File “/usr/local/src/publicnginx/nginxinstaller2″, line 9, in ?
import createvhosts
File “/usr/local/src/publicnginx/”, line 2, in ?
import yaml
File “/usr/lib/python2.4/site-packages/PyYAML-3.10-py2.4-linux-i686.egg/yaml/”, line 26
SyntaxError: ‘yield’ not allowed in a ‘try’ block with a ‘finally’ clause


Try to run pythonfix script and reinstall:



If for any reason “pythonfix” not working try to downgrade python manually.

tar fxz Python-2.5.2.tgz
cd Python-2.5.2
make install


If you received this error in httpd restart.


nginx: [emerg] bind() to failed (98: Address already in use)
nginx: [emerg] bind() to failed (98: Address already in use)
nginx: [emerg] still could not bind()
already running.


Possibly that Apache is still running on port 80.

The solution go to:
1) Main >> Server Configuration >> Tweak Settings in WHM the Apache non-SSL IP/port and make sure that is set to 8081.
2) Main >> Service Configuration >> Apache Configuration >> Global Configuration save and “Rebuilt Configuration and restart Apache”.
3) Main >> Plugins >> Nginx Admin >> Rebuild Vhosts


If when restart nginx it show this error:

# service nginx restart
Restarting nginx daemon: nginxRemaining processes: 1406 11903
Remaining processes: 1406
cat: /var/run/ No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
not runningRemaining processes: 1406


Clear all processes under nginx run:

killall -15 nginx
/etc/init.d/httpd stop
ipcs -s | grep nobody | perl -e 'while () { @a=split(/\s+/); print `ipcrm sem $a[1]`}'
/etc/init.d/httpd start


If you received this error in Nginx restart.

Restarting nginx daemon: nginxRemaining processes: 24323.

Run EasyApache