May 13 2017

Reset Windows Password on 1&1 CloudServer

So a task that I’m given a lot is to reset a lost Windows password on one of my customer’s servers. The customer is in a position where they only have a single user account, Administrator, they’re not connected to an Active Directory, and don’t have any other means to reset the password. It would typically be at this point that the customer either keeps trying to remember their password, and risks being locked out, or backs up their information and reimages their server.

The trick to all this, since these are Virtual Machines and 1&1 is in no way able to automatically reset the password like they could with the VZ-Containers, involves an old trick / “hack” involving changing out the “Ease of Access” button for an Admin-enabled Command Prompt. You can check out a tutorial on the trick by going to https://www.technibble.com/bypass-windows-logons-utilman/ . They are using Win7 with the DVD, we’re going to do the same thing with Windows Server and using Linux (since getting the Win DVD is difficult due to the timeout on boot).


April 30 2016

1&1 Speed Test on Cloud Server | 1and1 NGCS

So I know a few customers have asked me for the speed of the 1and1 Cloud Servers, since it doesn’t appear to show up anywhere on the site, and the official answer we give is that the Cloud Server is limited to a maximum theoretical speed of 400mbit/s. As always with this sort of thing, this is the maximum possible and not the guaranteed real world connection that you’ll get all the time. This is no different than your typical ISP when you get a “75/50” connection at home, but I figured it’d be worth posting what I get on my personal account. Please note that I receive the same package as any customer with no added perks (unfortunately 🙁 ).

 

March 29 2016

Plesk 12.5.3 on Ubuntu 16.04 working

So I set out to do a few things for some colleagues at work in order to answer a few questions. One was agents wanted to know if and how to do an in place upgrade from 1&1’s supported version of Ubuntu 14.04 to the bleeding edge development version of Ubuntu 16.04. Then, after that, someone also asked “is Plesk supported by 16.04?” Well, fun fact, it doesn’t appear that Plesk is supporting even Ubuntu 15.04 yet, so it goes without a surprise that they don’t support 16.04. However, that doesn’t mean that Plesk won’t run on 16.04, on the contrary, it runs fine. Just don’t expect to install any updates or components after the fact. It appears that since Plesk uses encrypted binaries for their updater scripts, we can’t even remove the checks to force it to install. Fortunately most things can still be done if it’s installed already and you can always work with the binaries in place to add components like PHP Versions.

How hard was it to update?

# apt-get update
# do-release-upgrade -d
# plesk repair all -n
# shutdown -r now

And that’s it.

2016-03-28 19_59_01-Home - Plesk 12.5.30

2016-03-28 19_59_39-Plesk Installer

March 28 2016

CentOS 7 | Reset Root Password | Grub Method

Imagine the situation where your Administrator is fired/quits and takes the root password of the server with him, and you need access to the server right now. Fortunately, Linux makes the process incredibly easy since you have local access, at least in the eyes of the Linux OS. All this method requires is the ability to manipulate GRUB, so if you have a way of seeing the grub menu and working with it, then this method is for you.

Let’s Get Started

  1. Reboot the server and get to the Grub Menu
  2. Go to the line that says “linux16”.
    1. There’s going to be a few more lines compared to CentOS 6’s method, just scroll slowly, it’s there.
  3. Using the Right arrow, go into the “linux16” line and find the word “ro”.
    1. This is telling the server to boot into Read Only. The server boots that and then upon login/mounting you get a Read/Write access. We want to bypass that.
  4. Change “ro” to “rw” and follow it up with “init=/sysroot/bin/sh”
    1. “ro” becomes “rw init=/sysroot/bin/sh”
  5. Press Ctrl-X to boot with this configuration
    1. Note that this doesn’t save the configuration, just lets you boot into it for this Session
  6. Now you should have Root access, type the “passwd” command to change the password.
  7. Reboot the server and use your new password to login.

This method is great for 1&1’s Dedicated Servers using the Serial Console, 1&1’s Cloud Servers using either the KVM/VNC console, and Digitalocean’s KVM console. As long as you can see GRUB, you can change the root password.

March 20 2016

SSH Keys with 1and1 Cloud Servers

1&1 has updated their NGCS (New Gen Cloud Server) platform to include the ability to have your Public SSH key added to the server upon creation. SSH keys give you a secure Public/Private key solution that is much safer than using passwords. Unfortunately, you’ll still have to do a few security tasks such as disable password logins, change ports, and disable root login altogether for a nice and secure system, but for now this is a pleasant addition!

 

2016-03-16 20_38_48-1&1 Cloud Panel

Create your Public key using PuttyGen, then simply paste the contents of the Public Key into “SSH Key”. After the server is complete, you can use Pageant from the same Putty creator, or if your SSH client like MobaXterm allows it, load the Private Key then connect to your server.

December 23 2015

Remote FTP Backups with Plesk

A common control panel that’s being sold at providers such as 1&1 is the Parallels Plesk Panel. It’s fairly simple and straight forward to use, and is provided at a discount compared to the popular cPanel. Like cPanel, Plesk allows an Administrator to configure domains, customer subscriptions, and provide web hosting services to their own customers. An important aspect that any webhost needs to provide for their customers, and for their own infrastructure, is a backup solution.

I’ve previously gone in depth about Backup Solutions and ideas for the 1&1 Cloud Server, which is a perfect place to start since it has the most backup options self contained at 1&1, but you may want something a bit different, something where the backups are kept with you and are in your full possession.

Typically, Plesk’s Backup Manager can be set up on a schedule which stores either Full or Incremental backups in the /var/lib/psa/dumps directory. This is great if we’re on a dedicated server and have hundreds of GigaBytes of disk space, but with the Cloud Servers, every GB is valuable to us and space is limited. Most of us have a local computer that has almost a TB of space available to us, even more if we look at having a USB Harddrive. We’ll want to leverage that space by configuring Plesk to send backups to that drive using free software such as FileZilla FTP Server.

Right off the bat, I don’t like FTP, due to many reasons of security which I won’t delve into, but it’s all that Plesk allows right off the bat. Later, I’ll write alternative setups to try to get rid of FTP from the equation and use something a bit more secure.

Requirements

  • Plesk
  • FileZilla FTP Server
  • Know your local IP Address
  • DynDNS (optional)

Plesk Guide

http://download1.parallels.com/Plesk/Doc/en-US/online/plesk-administrator-guide/59256.htm#

Please read up on the Plesk Admin Guide to understand how to set up and use the feature in depth. I’ll only be covering the basic gist of setting it up.

IP Address Concern

Many ISPs choose to provide IP addresses dynamically, which means that they are constantly changing. This is a huge issue when trying to configure FTP Schedules, because Plesk doesn’t know the IP of where to connect to.

If this is the case, I recommend looking into a service like DynDNS or No-IP. These services will create a domain like “mydomain.dyndns.net” which is pointed at your IP. A client program is run on your computer to update this domain whenever your IP changes. We provide this domain to the FTP Storage setting instead of using just an IP address, and won’t have to worry about this IP concern.

FileZilla FTP Server

Right off the bat, you’re going to want to get FileZilla setup and running, Firewall Exceptions added, and as needed, port forwarding completed. http://portforward.com/ is a great site that explains steps for various routers and configurations to forward ports. Forwarding is needed in this world of multiple devices connected to a single gateway like your Cable Modem.

Create a user, password, and Shared folders of where you’re going to place the files and call that storage the user’s “home”. Password authentication is at least a piece of security, another piece is to add IP Filtering to block all IPs except for your server. This at least means the only way someone can access these files is by coming from your server. That’s a start I suppose.

In the “Settings” configuration of FileZilla, set the “IPs are not allowed access..” and give it a “*” which basically is a wildcard saying All IPs are not allowed access. “Exclude the following IPs…” and give it your server’s IP.

Backup Settings in Plesk

After you configure Plesk for FTP Storage, you’ll want to start looking at the Schedule for an option that fits your business model. Personally, I like the idea of doing a Full backup every week, with incremental backups everyday. The incremental will make sure that only small changes are recorded and saved, which will help keep filesize down. You should check the “Suspend Domains” while the Backups get processed. This will ensure there’s no file conflicts of files being in use or changing, but it will also mean that your sites on that domain will be unavailable, so schedule during the late night hours when your business can be safely taken offline.

December 21 2015

Reset Windows Password on 1and1’s Cloud Server

Let’s take a scenario:
You created a Windows Server VM at 1and1.com and decided to use your own super secret password. Since you specified the password, it doesn’t show up in the cloud panel. Since this is Windows, we can’t just load up a LiveCD of Linux, CHROOT and run the command “passwd” and be done with it. We also don’t have the ability to use our own ISOs which may have a nice Bootdisk that resets passwords in the SAM file. We need to get this data somehow, and I figured out how to do it.

The golden ticket here is we need to be able to run Command Prompt and we need to change our password. Since we have KVM access, we only need to rename the Command Prompt “cmd.exe” to a system program like “Utilman.exe” or “Magnifier.exe” so we can run it at the logon screen.

For the new Cloud Servers, which has the “Cloud Panel” and dubbed “NGCS” or “1&1 Cloud Server”, the only DVD/Application available that works seems to be GParted which is Debian based. For older 1&1 Cloud Servers, which went under the names “Dynamic Cloud Server”, “Virtual Dedicated Server”, “VDS” / “DCS”, you can use the “Recovery Tool” in the 1&1 Control Panel as the “Linux Rescue” both stable and unstable are Debian Based as well.

For the NGCS:
– Go ahead and load up the KVM from your Cloud Panel by going to “Actions” => “Access KVM Console”
– In the Cloud Panel also load the GParted by clicking “DVD” => “Applications” => select “GParted”
– Reboot server and watch it in the KVM Console
– When you follow the prompts, you’ll get to a desktop, choose “Terminal”

For VDS/DCS:
– Go to 1&1 Control Panel => 1&1 Servers => Recovery Tool => choose either Linux Rescue
– Use your VNC Console or SSH into your server using IP address, Root, and the Recovery password created
– Either option will bring you into the server’s Terminal

 

In Terminal

  1. Mount the Windows partitions
    1. NGCS
      1. mount /dev/sda2 /mnt
    2. VDS/DCS
      1. mount /dev/sda1 /mnt
  2. Change Directory to “C:\Windows\System32”
    1. cd /mnt/Windows/System32
  3. Make backups of Utilman.exe or Magnifier.exe
    1. mv Utilman.exe Utilman.exe.bak
  4. Copy and Rename CMD as previous application
    1. cp cmd.exe Utilman.exe
  5. Reboot the server back into regular mode
    1. NGCS
      1. Remove DVD from CloudPanel
      2. Restart Server
    2. VDS/DCS
      1. Recovery Tool => Windows Server (normal)

Now the server should be starting up and getting to the Logon Screen. Both the VNC Console and the KVM console should show you at the Windows Login Screen, and in the bottom left there’ll be a little square button. This is your “Ease of Access” button or “Utilman.exe”. If you renamed CMD to Utilman, then clicking this will bring up a Command Prompt, otherwise open that and click on your Magnifier to bring up the Command Prompt.

In Command Prompt

Change User Password

  1. net user <USER> <NewPassword>
  2. Login with User and its new password

Create a new user with Local Admin Rights

  1. net user <USER> <Password> /add
  2. net localgroup Administrators <USER> /add
  3. Login (no need to reboot)

 

Note:

  • Always remember to change the applications back to the originals with the backups you made. While unlikely someone would get KVM/VNC console access, if they find an exploit (like the one needed for Dedicated Servers) then they can reset/add Admin users.
  • Changing user passwords this way may cause loss of access to “Encrypted Files/Folders”. Do this as a last resort when the only other option that’s been given is to Reimage.
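
A check for the first note above, as an added example that is not part of the original post: run from the same Linux rescue terminal, it reports whether a logon-screen binary is still a copy of cmd.exe or a .bak file was left behind. The function name and the default file list are assumptions of this example (Magnify.exe is the on-disk name of the Magnifier).

```shell
#!/bin/sh
# Added example (not from the original post): flag logon-screen accessibility
# binaries in a mounted Windows System32 directory that are byte-identical to
# cmd.exe, plus leftover .bak copies from the swap.
#
# Usage: check_accessibility_swap SYSTEM32_DIR [NAME...]
# Default names are an assumption: Utilman.exe is the file the post replaces,
# Magnify.exe is the on-disk name of the Magnifier.
# Returns 0 when clean, 1 on any finding, 2 when the directory is unusable.
check_accessibility_swap() {
    if [ $# -lt 1 ]; then
        echo "usage: check_accessibility_swap SYSTEM32_DIR [NAME...]"
        return 2
    fi
    sys32=$1
    shift
    [ $# -gt 0 ] || set -- Utilman.exe Magnify.exe

    if [ ! -f "$sys32/cmd.exe" ]; then
        echo "ERROR: $sys32/cmd.exe not found (is the partition mounted?)"
        return 2
    fi

    rc=0
    for name in "$@"; do
        if [ ! -f "$sys32/$name" ]; then
            # State between the "mv" and "cp" steps, or a name that does not
            # exist on this Windows version.
            echo "MISSING: $name"
            rc=1
        elif cmp -s "$sys32/cmd.exe" "$sys32/$name"; then
            echo "SWAPPED: $name is identical to cmd.exe"
            rc=1
        else
            echo "OK: $name differs from cmd.exe"
        fi
        if [ -f "$sys32/$name.bak" ]; then
            echo "LEFTOVER: $name.bak still present"
            rc=1
        fi
    done
    return $rc
}

# Example call from the rescue system, with the partition mounted as above:
#   check_accessibility_swap /mnt/Windows/System32
```

A byte comparison against the cmd.exe on the same disk needs no known-good hash list, so it works on any Windows Server build the partition holds.
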
December 13 2015

1&1 Cloud Servers now has Data Center Selections

So prior to 12/09/2015, 1&1 only allowed you access to the datacenter of your region, which for most of the world meant basing yourself out of their main datacenter in Lenexa, Kansas. The only way to get put into Europe was to be a UK, French, or German customer and you would be based out of the Spain Datacenter. Well fortunately, that’s all changed now, and we can choose where we want our cloud to be located with the following choices: Spain/Europe, USA, Germany.

The datacenter feature covers a number of things:

  • Server Creation
  • Load Balancer
  • Private Networking
  • VPN
  • Shared Storage

A few things to note:

Servers can’t connect to private networks that are not in their datacenter. That basically goes the same for VPN and Load Balancing as well, everything must be connected within its datacenter. The Datacenter feature is kept in the “Advanced” tab, as everything else defaults to the datacenter of your region as it used to.

2015-12-12 19_20_44-1&1 Control Panel

 

2015-12-12 19_21_11-1&1 Control Panel

 

2015-12-12 19_31_38-1&1 Control Panel

November 21 2015

Arch Linux on 1and1 Cloud Server

Migrated from TimGarrity.me

With the inclusion of 1&1’s VMWare-based cloud servers, comes the ability to finally be able to install our OSes directly using the OS ISO rather than 1and1.com’s pre-created image. The goal of this article is that when we’re finished, we’ve figured out a way to install unsupported operating systems on to an NGCS VM without being able to use VMWare’s DVD or USB drive.

Now, as a disclaimer, this was the first time working on a task like this in all my years of running Linux. How often do you really find yourself without a USB drive or a CD/DVD? Also, 1&1’s stance is to provide support for the Hardware, and not the software, so they don’t support the OS and you can be sure they don’t support an OS that they have vetted. So please don’t do this on a live server that you wish to run your business off of unless you know exactly what it is you’re doing.

Prerequisites:

  • Cloud Server S ($4.99)
  • CentOS7 ISO – Don’t choose image, as we want to make sure we partition to our liking.
  • ArchLinux ISO – to be downloaded after VM is spun up

Since we’re installing via the CentOS ISO, we’re going to need to use the KVM. So first, let’s create our VM:

2015-11-16 09_33_29-1&1 Control Panel

When complete, go ahead and load up the KVM Console. The creation strangely takes 2minutes, though creating a container with a preconfigured Image in cache takes 55seconds. IDK.
A few things I did, I used a 1GB swap and an 8GB main partition. Since I’m going to blow the 8GB CentOS install away later for ArchLinux, that seemed like a safe bet. However, you may want more or less swap space.

2015-11-16 09_36_27-ArchLinux Tutorial

2015-11-16 09_36_56-ArchLinux Tutorial

2015-11-16 09_37_23-ArchLinux Tutorial

2015-11-16 09_39_37-ArchLinux Tutorial

Remember to turn your Network Settings on so we don’t have to stay working in the KVM and can do things like Copy/Paste via SSH.

2015-11-16 09_39_56-ArchLinux Tutorial

2015-11-16 09_40_24-ArchLinux Tutorial

 

While you’re waiting for everything, maybe put on some music.

2015-11-16 09_42_34-Program Manager

 

Then finally, when all said and done, you should be able to start booting into CentOS7

2015-11-16 09_46_49-ArchLinux Tutorial

So let’s grab our IP Address and ssh into the machine

2015-11-16 09_47_02-1&1 Control Panel

# ssh [email protected]

[[email protected] ~]#

Now, we’re going to need wget to download our image. So let’s have Yum take over for that:

# yum install -y wget

Now we get our image from the mirror. Find the best one for you by going to https://www.archlinux.org/download/ . I chose http://mirrors.advancedhosters.com/archlinux/iso/2015.11.01/archlinux-2015.11.01-dual.iso

# wget http://mirrors.advancedhosters.com/archlinux/iso/2015.11.01/archlinux-2015.11.01-dual.iso

We’re now going to want to keep everything nice and orderly. This is helpful if you were keeping CentOS7 to stay, and just livebooting other OSes. So let’s create an “/iso” folder and move our file there.

# mkdir /iso 
# mv archlinux-2015.11.01-dual.iso /iso/archlinux.iso

Now, we have our image where we need it, renamed it so it’s easily remembered. Now we need to update grub to boot from it. Luckily I’ve tested this all out in VMWare so I have this down to a science now. First, we’re going to want to do two things. Let’s find out what sda we’re working with, let’s create a partition for Arch, then create a FS for Arch to install into, and THEN we’ll edit grub.

# fdisk -l

Disk /dev/sda: 32.2 GB, 32212254720 bytes, 62914560 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000affa2

 Device Boot Start End Blocks Id System
/dev/sda1 * 2048 16386047 8192000 83 Linux
/dev/sda2 16386048 18434047 1024000 82 Linux swap / Solaris

# fdisk /dev/sda
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.


Command (m for help): n
Partition type:
 p primary (2 primary, 0 extended, 2 free)
 e extended
Select (default p): p
Partition number (3,4, default 3):
First sector (18434048-62914559, default 18434048):
Using default value 18434048
Last sector, +sectors or +size{K,M,G} (18434048-62914559, default 62914559):
Using default value 62914559
Partition 3 of type Linux and of size 21.2 GiB is set

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

# shutdown -r now
Connection to 70.35.206.163 closed by remote host.
Connection to 70.35.206.163 closed.

We rebooted so that sda3 could sync. Let’s jump back into the server when it’s back up

# ssh [email protected]
# mkfs.ext4 /dev/sda3
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
1392640 inodes, 5560064 blocks
278003 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2153775104
170 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
 4096000

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

Now we’re good to go with editing grub, knowing that we need to mount the ArchISO to boot with sda1, though we’ll be installing to sda3

# vi /etc/grub.d/40_custom
menuentry "Archlinux" {
 set isofile="/iso/archlinux.iso"
 loopback loop (hd0,1)$isofile
 linux (loop)/arch/boot/i686/vmlinuz img_dev=/dev/sda1 img_loop=$isofile earlymodules=loop
 initrd (loop)/arch/boot/i686/archiso.img
 boot
}

:wq
#

# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-123.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-123.el7.x86_64.img
Warning: Please don't use old title `CentOS Linux, with Linux 3.10.0-123.el7.x86_64' for GRUB_DEFAULT, use `Advanced options for CentOS Linux>CentOS Linux, with Linux 3.10.0-123.el7.x86_64' (for versions before 2.00) or `gnulinux-advanced-89f6069e-b33b-4d18-aa43-bf2cd5702846>gnulinux-3.10.0-123.el7.x86_64-advanced-89f6069e-b33b-4d18-aa43-bf2cd5702846' (for 2.00 or later)
Found linux image: /boot/vmlinuz-0-rescue-d1222860536444a9811e04e8990a10ff
Found initrd image: /boot/initramfs-0-rescue-d1222860536444a9811e04e8990a10ff.img
done
#

So now….let’s do this, let’s get back into the KVM and reboot the server

 

We’re going to need to mount sda3 into the /mnt folder, and start the install process.

# mount /dev/sda3 /mnt

Now, we follow the ArchLinux install guide https://wiki.archlinux.org/index.php/Installation_guide#Install_the_base_packages

# pacstrap /mnt base

After you’ve finished the install and following that guide, you’ll get to the bootloader. Here we’re going to override and pretend that centOS never existed and just reinstall grub. An alternative approach would have been to add a menuentry for Arch to centOS’s GRUB menu or vice versa, but we’re not dual-booting here.

# pacman -S grub-bios
# grub-install /dev/sda
# grub-mkconfig -o /boot/grub/grub.cfg

Now, centOS is lost in the partitions. We are now Arch Linux. Let’s exit out of this chroot and reboot.

# exit
# reboot

So now we’re on ArchLinux, but…..we’re a remote server with no network capability. This is because our network interface doesn’t know it should be turned on and getting an IP from dhcp. So lets use the KVM and find out what the name of our NIC is.

# ls /sys/class/net
lo en01234567

Here we see our LoopBack is lo, and our Ethernet is en01234567. That’s a hell of a name to remember, so let’s change it to something simple like net0. First get the Mac Address and then edit the network interface and reboot

# ip link show en01234567
en01234567: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 08:00:27:23:6f:3a brd ff:ff:ff:ff:ff:ff

# ip link set en01234567 down
# vi /etc/udev/rules.d/10-network.rules
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="08:00:27:23:6f:3a", NAME="net0"
:wq

# udevadm --debug test /sys/class/net/en01234567
# reboot

# systemctl enable [email protected]net0.service
# reboot

Now everything should be working and you should be able to install ssh and get out of the KVM. We’re going to allow root to login for now, but later, stick to better security measures.

# pacman -S openssh

# vi /etc/ssh/sshd_config
....
..
PermitRootLogin yes
:wq

# systemctl start sshd

 

And that’s it. We can now do what we’d like with our ArchLinux.

Maybe next time, we can get rid of the safety nets, mount the ArchLinux iso into /dev/sda3 and install directly onto the primary. I’d suspect that a better setup would have been 1GB Swap as sda1, 25GB SDA2 for Centos, then a 4GB partition to mount archlinux.iso into. Then we could have overridden sda2 with our ArchLinux install, and good, but for now, we have a safety net of going back to centos if things get foobar’d.
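
For the "better security measures" deferred above, and the hardening list in the SSH Keys post (disable password logins, change ports, disable root login), an audit of sshd_config as an added example that is not part of the original posts. The function names and the sample config are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original posts): audit an sshd_config file
# against the settings named in the SSH Keys post.

# Print the effective global value of KEYWORD in FILE, or "unset".
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively; lines after the first Match line are conditional.
# Keyword and value may be separated by whitespace or "=".
sshd_effective() {
    awk -F '[ \t=]+' -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { value = $2; exit }
        END { print (value == "" ? "unset" : value) }
    ' "$1"
}

# Return 0 when root login and password login are both off, 1 otherwise.
sshd_audit() {
    cfg=$1
    bad=0
    # Lower-cased for comparison so an upper-case "YES" is still caught.
    root=$(sshd_effective "$cfg" PermitRootLogin | tr '[:upper:]' '[:lower:]')
    pass=$(sshd_effective "$cfg" PasswordAuthentication | tr '[:upper:]' '[:lower:]')
    port=$(sshd_effective "$cfg" Port)

    if [ "$root" = no ]; then echo "PASS PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '$root', want 'no'"; bad=1; fi

    if [ "$pass" = no ]; then echo "PASS PasswordAuthentication no"
    else echo "FAIL PasswordAuthentication is '$pass', want 'no'"; bad=1; fi

    # The port is reported only; it does not change the return code.
    case $port in
        unset|22) echo "NOTE Port is '$port' (default port in use)" ;;
        *)        echo "NOTE Port $port" ;;
    esac
    return $bad
}

# Constructed sample: an upper-case root-login line, a later contradicting
# line that sshd ignores, and a password setting that only applies in Match.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real server's configuration
Port 22
PERMITROOTLOGIN YES
PermitRootLogin no
Match User backup
    PasswordAuthentication no
EOF
}

# Example: sample_config > /tmp/sshd_config.sample && sshd_audit /tmp/sshd_config.sample
```

On a running host, `sshd -T` prints the configuration sshd actually resolved, including compiled-in defaults; the parser above is for a config file on a mounted or offline disk.
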