ClusterSSH is a tool for making the same change on multiple servers at the same time. The ‘cssh’ command opens an administration console and an xterm to all specified hosts. Any text typed into the administration console is replicated to all windows. All windows may also be typed into directly.
This tool is intended for (but not limited to) cluster administration where the same configuration or commands must be run on each node within the cluster. Performing these commands all at once via this tool ensures all nodes are kept in sync.

Source code is available from the SourceForge git repository (see and also via a mirror on GitHub (see

cPanel Exim Remote Code Execution Vulnerability Notification CVE-2012-5671


Posted on October 26, 2012 by cPanel

A remote code execution vulnerability exists in Exim versions between 4.70 and 4.80, inclusive. Exim is the mail transfer agent used by cPanel & WHM.

Security Rating
This vulnerability has been rated as Critical [1] by the cPanel Security team.

Continue reading “cPanel Exim Remote Code Execution Vulnerability Notification CVE-2012-5671”



Shelr is a service which allows you to record and replay and publish your terminal on This can be useful when you need to provide instruction on how a task was accomplished to a client. Granted, you will not want to publish any sensitive info when using this tool. The code for service is also available on github.
Continue reading “Shelr”

BetterLinux – A CloudLinux Alternative


BetterLinux is a collection of system resource management and monitoring tools intended for hosting providers, data centers, SaaS companies, and cloud environments. With it, you can control use and allocation of CPU, memory, MySQL, device I/O bandwidth, and IP bandwidth resources. Individual users and processes that exceed set resource limits can be isolated from other system users and throttled as necessary. Continue reading “BetterLinux – A CloudLinux Alternative”

cPanel ‘bug’ in WHM 11.34

cPanel has introduced an auto-discover SRV into zone files for domains that are apparently in /etc/remotedomains with the new WHM upgrade.

An additional SRV line is added that send email clients to a cPanel page ( rather than to their Echange server.

They have added a ‘beta patch’ in this forum link. In order to disable the autoconfig/autodiscovery support on remote domains, please see the info located here:

You do need to be in the correct sub-directory as shown on this page to successfully run that patch command.

Add a Separator Between Commands in Linux Terminal


If working in the Terminal gets a little confusing because you run so many commands at once, this little trick will put a separator in between each prompt so you can easily see the last few commands you ran. Blogger Emilis found that his bash prompt was getting a bit too cluttered, so he implemented this tweak to throw a long, dotted line between each command. He also bolded each command he ran, so he could easily scroll back and tell the difference between each command he ran and its output.
Continue reading “Add a Separator Between Commands in Linux Terminal”

The Ultimate Vim Distribution


spf13-vim is a distribution of vim plugins and resources for Vim, GVim and MacVim. It is a completely cross platform distribution that stays true to the feel of vim while providing modern features like a plugin management system, autocomplete, tags and tons more.

Easy Installation *nix and os x
The easiest way to install spf13-vim is to use our automatic installer by simply copying and pasting the following line into a terminal. This will install spf13-vim and backup your existing vim configuration. If you are upgrading from a prior version (before 3.0) this is also the recommended installation.

curl -L -o - | sh

Updating to the latest version
git pull
vim +BundleInstall! +BundleClean +q

For more info go to

SMS Alerts When your Website is Down


You can use Google Docs to monitor your website’s uptime and get instant alerts if your site is down or unavailable to visitors. The latest version of this Google Docs based website monitoring tool is even better:

  1. You can now monitor multiple websites and blogs for downtime/uptime in one go.
  2. In addition to email alerts, you can now choose to receive SMS alerts on our phone if any of your sites are down.

The text alerts are routed through Google Calendar and are therefore free.

In fact, this is probably the only tool that lets you monitor unlimited number of website domains and offers both SMS and email based alerts without charging a penny. Here’s how you can install the monitor in Google Docs in less than 60 seconds:

Website Monitor with SMS Alerts

Build your own website monitoring tool with Google Docs, SMS alerts included

Real-time Website Monitor with Text Alerts

  1. Click here to create a personal copy of the Website Monitor HD sheet in your own Google Docs account.
  2. You’ll see a new Website Monitor menu in the toolbar. Click Initialize and you’ll get a pop-up asking for authorization. Just say Yes.
  3. Put your Website URLs in cell B2 (comma separated) and your email address in cell B3.
  4. Go to the Website Monitor menu again and choose “Start Monitoring”.

That’s it. Close the Google Docs sheet and it will monitor your sites in the background. If you do not wish to receive SMS alerts, simply change the value of cell B4 from Yes to No.

The full source code of the project is available at – no one else has access to your data and you can disable the script anytime by setting the email address in cell B3 to blank.


key-based ssh authentication – Simple tar backup for free forever


feature request for tarbackup is using a private ssh key instead of a password to connect to the tarbackup server when using sftp to backup files. I’m happy to report that we now support public/private keys for sftp authentication!

To use an ssh key with tarbackup, first use this command to create your public/private key-pair:

# mkdir ~/.ssh
# cd ~/.ssh
# ssh-keygen -f tarbackup_rsa -C .youremail. -N . -t rsa -q

This will generate 2 files: tarbackup_rsa and tarbackup_rsa is your private ssh key, you will keep this on your computer as proof that you are who you are. is a public key that you send to the server so that can authenticate you when you log in via sftp in the future.

To use your private key to authenticate you when you login via sftp, you need to create an ssh_config file in your home directory with:

# echo "IdentityFile ~/.ssh/tarbackup_rsa" > ~/ssh_config

This is the config file that specifies where your private ssh key is.

You’ll pass the ssh_config file as a parameter to the sftp program when you connect to via sftp:

# sftp -F ~/ssh_config


And that’s it! Let me know if you have any feedback or questions@davidnanch.


WHMCS Security Alert

Just a heads up for the peep’s using WHMCS…

WHMCS Security Alert

“We have become aware of a security issue that exists in the third party Boleto
module included in WHMCS releases. This can potentially be used to exploit a
WHMCS installation.

If you do not use the Boleto module, then the quickest and easiest solution is
to simply delete the /modules/gateways/boleto/ folder entirely after which you
will not be at risk.

Alternatively if you do use the module, you can download and apply the patch to
your installation here: Download Patch

This issue affects all WHMCS versions.

If you have any questions or need any assistance, please do not hesitate to
contact us. We apologize for the inconvenience.”